MY PROJECTS IN PRIVACY AND COMPLIANCE
Here you will find real examples of my work in auditing, process design, documentation, and privacy solution development, applied in companies across Spain and Europe.
Projects
Over the past few years, I have worked on projects related to the GDPR, combining regulatory analysis, process design, software development, and documentation. These are some representative examples of my practical experience.
Independent audits
Real Estate: Key Findings
- Cookie consent issues: Analytics and marketing cookies set before user consent; no clear “Reject” option.
- Privacy policy gaps: Missing vendor list, unclear data retention periods, and weak mapping of purposes to legal bases.
- Contact & inquiry forms: Insufficient transparency on purposes, recipients, and storage duration.
- Third-party integrations: Embedded maps, CRMs, and trackers loading without prior consent.
- Deliverables:
  - Senior management summary (risk-focused, executive-ready)
  - Technical findings spreadsheet with screenshots
Scope: Publicly accessible website only. No access to internal CRM or sales systems.
Law Firms: Key Findings
- Tracking before consent: Analytics and marketing scripts loading on initial page load.
- Transparency gaps: Incomplete DPO/EU representative details and limited clarity on data subject rights.
- Form-related risks: Contact and consultation forms lacking clear purpose, legal basis, or retention information.
- Third-party tools: External services embedded without conditional loading based on user consent.
- Deliverables:
  - Senior management summary (risk-focused, executive-ready)
  - Technical findings spreadsheet with screenshots
Scope: Publicly accessible website only. No access to internal CRM or sales systems.
Clinics: Key Findings
- Sensitive data context: Appointment and contact forms may involve health-related data without adequate safeguards or explicit risk recognition.
- Operational readiness: Limited visible guidance on handling data subject requests or patient data workflows at the website level.
- Form transparency gaps: Missing or unclear information on purposes, lawful basis, data retention, and data subject rights.
- Consent and cookies: Analytics and third-party scripts observed loading before valid user consent is obtained.
- Deliverables:
  - Senior management summary (risk-focused, executive-ready)
  - Technical findings spreadsheet with screenshots
Scope: Publicly accessible website only. No access to internal CRM or sales systems.
TickGDPR — Product Development and Evolution
I have worked on TickGDPR since its first version and am currently involved in its evolution into a multi-tenant SaaS platform. This project has allowed me to deepen my expertise in:
- GDPR-compliant functional design
- Modelling of processing activities, risks, and security measures
- Automated and customisable documentation
- Specialised modules (DSAR, consent, breaches, legal bases, processors, etc.)
- Integration of Privacy by Design principles
- Process automation using AI and intelligent templates
- Multi-tenant architecture (Laravel + Tenancy)
- Review of roles, permissions, and technical structures
Outcome
A robust system that reflects real compliance processes and allows me to provide a very solid technical and operational perspective to my clients.
Explore the full product features
https://es:8890/features/?lang=en
Features and Processes Developed
- Multi-company (multi-tenant) architecture (Laravel + Tenancy)
- End-to-end management of processing activities, risks, legal bases, and security measures
- Modules for DSARs, policies, contracts, documentation, and controls
- Document automation using AI and intelligent templates
- Review of permissions, roles, access controls, and technical structures
- Integration of Privacy by Design principles into functional design
- Processes used by consultancies, DPOs, and internal departments
Outcome
A robust system that reflects real compliance processes and allows me to provide a technical and operational perspective to my clients.
Would you like to learn more about my work?
I can help you review your processes, prepare your documentation, or guide you through GDPR implementation in your organization.
