Beatriz Rivera Romero, General Director of the National Accreditation Body (ENAC), and Lorenzo Cotino Hueso, President of the Spanish Agency for Data Protection (AEPD), held an institutional meeting due to the latter’s recent appointment as head of the agency. The meeting also involved ENAC’s Technical Director, Ignacio Pina, and the Deputy of the Agency, Francisco Pérez Bes.  

During the meeting, both parties highlighted the excellent collaborative relationship they have maintained for years, a main milestone being the development and implementation of the certification scheme for the Data Protection Officer (DPO) role, within the framework of the General Data Protection Regulation (GDPR).

The meeting also allowed new collaboration opportunities between both parties to be explored. Additionally, some general aspects of the recently published draft of the AEPD Strategic Plan 2025-2030 were addressed, with the president expressing interest in receiving any contributions that ENAC could make to it.

For the AEPD, as stated in the draft of the afore-mentioned Plan, 'privacy and data protection are a shared effort, reflecting that multilevel cooperation in Spain enables privacy to be integrated into key sectors while better protecting vulnerable groups.”

Continuously collaborating in data security

In order for the accreditation process to be trusted and provide value in the market, it is ENAC’s priority to work closely with representatives from all stakeholders (administrations, professional organizations, business associations, and science-medical associations, among others), to ensure that the accreditation process has the rigor it demands, as well as to provide the technical and professional knowledge required in each case.

Likewise, ENAC offers its technical support to the administration and to different public bodies needing to incorporate the requirement of accredited assessors in the assessment and control activities necessary for their operations or to fulfill public objectives, by fully utilizing the technical standards and accreditation in each case.

An example of this collaboration is the certification scheme for individuals for the position of Data Protection Officer (DPO), developed by the Spanish data Protection Agency (DPD) with the aim of providing security and reliability to both privacy professionals and the companies and bodies that needed to incorporate the figure of a data protection officer (DPO) due to European requirements. To this end, and with the support of ENAC, the AEPD chose to develop a certification scheme for individuals that defines the competencies and knowledge that a professional must demonstrate to be certified, and it only accepts as proof that the person has undergone an assessment process by ENAC-accredited certification bodies in accordance with the UNE-EN ISO/IEC 17024 standard.

By using accreditation, the AEPD seeks to provide confidence that the certification bodies operating in its scheme have demonstrated their competence, independence, and transparency, that they operate in accordance with an internationally recognized standard, and that their activity will be subject to continuous supervision by ENAC.