Cross the 50-employee threshold with every compliance obligation covered

Full compliance package for companies crossing the 50-employee threshold: whistleblower channel, equality plan, criminal compliance programme, GDPR audit, employment audit and AML programme.

Growing SME reaching or exceeding 50 employees and facing new statutory compliance obligations

What is included

Included services

Whistleblower channel (Ley 2/2023)

Implementation of the mandatory internal reporting channel required by Ley 2/2023 (Spanish Whistleblower Protection Act): procedure design, responsible officer designation, technology platform setup, employee training and whistleblowing policy documentation. We ensure the anonymity and confidentiality standards required by law.

Equality Plan (Plan de Igualdad)

Preparation of the mandatory Equality Plan for companies with 50 or more workers: situational diagnosis, pay audit, corrective measures, Pay Register and negotiation with employee representatives. Registration in the official REGCON register.

Criminal compliance programme (Art. 31 bis Spanish Criminal Code)

Design and implementation of the corporate crime prevention model under Article 31 bis of the Spanish Criminal Code: criminal risk mapping, policies and controls, reporting channel, compliance officer appointment, training and periodic review. Reduces or eliminates corporate criminal liability.

Data protection audit (GDPR)

Full review of GDPR compliance: processing activity inventory, data processor agreements, information notices, risk analysis, technical security measures and update of the Record of Processing Activities. Gap report and action plan.

Employment audit

Review of employment law compliance: working-time records, overtime controls, applicable collective agreement, professional classification, salary scales, maternity and paternity protection, occupational health and safety obligations and employment contract documentation.

AML programme (if applicable)

For companies subject to the Anti-Money Laundering Act: assessment of whether the company falls within the regulatory perimeter, implementation of the prevention manual, KYC/KYB procedures, employee training and preparation for SEPBLAC inspections.

Investment

From EUR 5,900

Base price for companies with between 50 and 100 employees in unregulated sectors. Companies subject to sector-specific regulation (financial, real estate, insurance) require a tailored quote.

The regulatory leap at 50 employees

Growth is good, but in Spain crossing the 50-employee mark activates a set of legal obligations that many companies discover only when they receive their first inspection or complaint. The Whistleblower Protection Act (2023), the mandatory Equality Plan, the criminal compliance requirements under Article 31 bis of the Criminal Code, GDPR and converging labour regulations form a dense regulatory framework that requires dedicated, specialised expertise to implement correctly.

The most common mistake is to treat each requirement in isolation: one consultant for GDPR, an employment lawyer for the equality plan, another firm for criminal compliance. This approach is expensive, slow and generates overlaps and contradictions between the resulting documents. At BMC we integrate all compliance vectors into a single, coordinated project, which significantly reduces timelines and total cost.

The consequences of non-compliance

The penalties for compliance failures are not theoretical: the Labour Inspectorate actively audits companies required to have an Equality Plan, the AEPD (Spanish Data Protection Agency) imposes multimillion-euro fines for GDPR infringements, and the absence of a whistleblower channel can cost up to EUR 1 million in fines. But beyond financial penalties, reputational risk and personal criminal liability for directors are consequences no company can afford to ignore. Our package gives you the certainty of being covered on all fronts.

FAQ

Frequently asked questions

Ley 2/2023 of 20 February, which transposes the EU Whistleblower Directive, requires private-sector companies with 50 or more workers to have an internal reporting channel. The adaptation deadline for these companies was 1 December 2023. Companies that do not comply are exposed to fines of up to EUR 1 million for legal entities.

The absence of a mandatory Equality Plan is a serious infringement under Royal Decree-Law 6/2019, punishable by fines of up to EUR 187,515. The company may also lose access to public contracts and subsidies. If you have recently crossed the threshold, you have a period of time to negotiate and register the plan with employee representatives.

It is not technically mandatory, but since the 2015 Criminal Code reform, legal entities can face criminal liability for offences committed by their directors or employees on their behalf. Having an effective crime prevention model in place is the principal ground for exemption from or mitigation of that liability. For companies of a certain size, the risk of not having one far outweighs the cost.

The complete process typically takes 3 to 6 months, depending on the size and complexity of the company and the speed at which management provides information and makes decisions. The whistleblower channel can be operational within 2 to 3 weeks. The Equality Plan requires negotiation with employee representatives, which may extend the timeline. We prioritise based on each client's regulatory urgencies.

The threshold is calculated as the average headcount over the previous year. All workers are counted regardless of their contract type (permanent, temporary, part-time in proportion to their working hours). Temporary agency workers do not count for the Equality Plan threshold at the host company. If you are close to the threshold, now is the time to prepare before you cross it.

Request a personalized consultation

Our experts are ready to analyze your situation and provide tailored solutions.