We have an expert team, highly qualified and with a long trajectory implementing Compliance Management Systems.

Among the services offered stands out the implementation of High Level Compliance Structures. They are integrated into existing processes in the organization interfering as little as possible in the daily business activity.

A high level structure of Compliance covers different areas that are not mutually exclusive: the implementation of corporate crime prevention management systems, the implementation of anti-corruption management systems, the implementation of personal data protection management systems , the implementation of anti-money laundering management systems, the implementation of Good Governance and Corporate Social Responsibility management systems, the implementation of Information Security Management Systems.

1. Corporate crime prevention management systems

They are based on a specific methodology that helps the company to create a culture of regulatory compliance within its core. The same is carried out in the following way:

• Knowledge of the business and corporate environment.
• Knowledge of the regulatory environment and regulation that affects the company
• Risk Assessment
• Establishment of Controls.
• Due Diligence processes
• Oversight and Evaluation

This methodology strictly follows the procedures of the UNE 19601: 2017 regulation of Criminal Compliance Management and the Report of the Prosecutor's Office 1/2016, which adapts to the needs of the company in terms of the crime casuistry included in the Spanish Criminal Code. Among the advantages of implementing these types of systems we must highlight: the exemption or mitigation of criminal liability; business continuity; the creation of internal economies; the internal and external diffusion of a positive business ethic; the need in order to see your business grow as it is becoming more common in commercial traffic that operators demand between themselves the implementation of this type of systems to be able to establish business relationships; the need to hire civil liability insurance, the need to be able to tender with the Public Administration.

This service that BELZUZ Abogados offers tries to create a culture of compliance within the company. We advise on the creation and dissemination of Ethical Codes, Policies and Procedures, Due Diligence Processes to third parties with which the company relates (suppliers, customers, ...), establishment of training courses and establishment of whistleblower channels. Similarly, it relies on the creation of a repository of digital evidence as well as the development of internal investigation processes related to the commission of any administrative offense or crime.

2. Anti-Bribery Management Systems

They are based on a specific methodology again that helps the company to create a culture of regulatory compliance within its core. The same is carried out in the following way:

• Establishment of Policies and Procedures
• Establishment of Internal Controls
• Training for managers, employees and third parties
• Risk Assessment according to:
  1. Commercial operations and their cost
  2. Project complexity
  3. The geographical location of the project
  4. The last potential beneficiaries
• Due Diligence processes to third parties
• Oversight and Evaluation

Likewise the corporate crime prevention management systems, this methodology strictly follows the procedures of the ISO 37001: 2016 Anti-bribery Management Systems standard. BELZUZ Abogados advises on the implementation of this management system to ensure best practices within the companies for the prevention, detection and reaction to bribery.

3. Personal Data Protection Management Systems

One of the biggest transformations brought about by technological innovations such as the Internet has been the capacity to store, access and exploit information, the best-known example of which is personal data.

Guaranteeing and protecting individuals’ fundamental rights, honour and privacy require the specific advice we offer our customers, both with regard to companies’ compliance with legal requirements, and protecting the rights of the holders of those rights. Our advice covers, amongst other things:

Corporate compliance

• Companies’ compliance with the legal requirements concerning the protection of personal data.
• Drafting privacy policies and procedures for protecting personal data.
• Ensuring security measures are adequate.
• Management and resolution of the exercise of the rights of access, rectification, erasure (right to be forgotten), objection, restriction of processing and right to data portability.
• Design and adaptation of reporting channels.

Audits

• Biannual statutory audits and the auditing of security measures.
• Preparation of the Security Document and adaption of Security measures to comply with legal obligations.
• “Website auditing” (analysing content relating to image rights, privacy, honour, privacy policies, cookies) of the different areas of the website, sections, social networks, blogs, forums and links to other sites.

Legal texts, agreements

• Drafting agreements governing confidentiality and the processing of personal data.
• Data Processor and subprocessor agreements (access to data on behalf of third parties), assignment of databases.
• Drafting texts for compliance with information obligations, obtaining consent.
• Special clauses for “cloud computing”.
• Special clauses for obtaining consent for receiving advertising via electronic media.
• Obtaining consent for specially protected data.

International data transfers

• Agreements with standard EU clauses and specific clauses.
• “Binding Corporate Rules” for international transfers of data.

Administrative and court proceedings

• Planning, determination of the structure and registration of files with the Spanish Data Protection Agency. Erasure of files.
• Assistance with informative, protection of rights and disciplinary proceedings.
• Obtaining authorisation for international transfers of data and other authorisations and communications.
• Procedure for obtaining exemption from the duty to inform.
• Appeals for judicial reviews to the Spanish High Court in relation to the protection of personal data.

Other

• Exercising the rights of access, rectification, erasure (right to be forgotten), objection, restriction of processing and right to data portability.
• Exercising the latter rights in relation to files concerning financial solvency, advertising and commercial research.
• Exclusion files for the sending commercial communications.

Adaptation to the EU General Data Protection Regulation 2016/679

• Advice on adaptation / modification of the Security Document or Processing Registry.
• Adaptation of consent requirement and renewal of the tacit consents previously obtained, as well as the adaptation of the information on the data processing to be carried out.
• Adaptation of clauses in contracts related to data protection and any other of civil or commercial nature, reports, legal notices in emails.
• Adaptation of Legal Notice, Privacy Policy, Terms of Use and Cookies Policy for web pages.
• Modification of the old ARCO Rights, including the right of erasure (right to be forgotten), restriction of processing and right to data portability.
• Continuous training for employees regarding the regulation of Personal Data Protection.
• Internal implementation of the Data Protection Officer position as well as the possibility of outsourcing their work with attendance as external advisors in the Legal Advisory / Compliance Committees.

4. Anti-Money laundering management systems

An integral service is offered to help the liable subjects by Law 10/2010 of Anti-Money Laundering and Counter Financing of Terrorism and by RD 304/2014 that develops the previous Law. In this sense, BELZUZ Abogados counts on a professional team to carry out the following tasks:

• Expert reviews
• Advice on the implementation of Handbooks for Anti Money Laundering Measures
• Know Your Customer Models (KYC). Formal identification, identification of the real owner, purpose of the business relationship, monitoring of the business relationship
• Conducting Due Diligence processes to clients, suppliers and third parties
• Management of risk profiles (PEP's) and suspicious transactions
• Training
• Internal Audits and External Reports

Likewise, we advise before the opening of any administrative file by the SEPBLAC, for the commission of any offense as well as before the imminence of any SEPBLAC screening to the corresponding company.

5. Good Governance and Corporate Social Responsibility management systems

• In application of the international standard UNE-ISO 26000: 2012 of Corporate Social Responsibility and of the EU Directive 95/2014, BELZUZ Abogados advises companies in environmental, social and human rights matters as well as in Good Corporate Governance matters.
• Consulting in the writing of CSR Reports. Those Reports must meet the criteria, commitments and activities of the company in this matter, with a triple dimension: social, economic and environmental and in accordance with Order ESS / 1554/2016.
• Non-Financial Information Audits. Additional reporting to the financial statements, which include environmental aspects (such as greenhouse gas emissions, use of renewable energy sources and water consumption, among others), social aspects (including matters such as equality, workers rights, health and safety at work or attention to local communities) and aspects of good governance (covering key elements such as anticorruption, human rights or antibribery).

6. Information Security Management Systems

• Audit and evaluation of risks related to information security and business continuity.
• Implementations of international standards ISO-UNE 27001: 2014, 27002: 2015 and 22301: 2015.

More information about the Commercial and Corporate Law | Madrid (Spain)