Bárbara Botía Sainz de Baranda

End-to-end management of corporate obligations: general meetings, minutes, share register, accounts filing, and Commercial Registry matters.

Full-service corporate entity administration that frees your leadership team from the operational burden of compliance.

Full compliance with the EU Artificial Intelligence Act: risk classification, conformity assessments, transparency obligations, and prohibited practice audits.

AI governance frameworks, ethics committees, algorithmic auditing, bias detection, and AI system registries for responsible organisations.

AML/CFT compliance programme for entities subject to Spain's Law 10/2010: policies, procedures, training, and SEPBLAC liaison.

Immediate data breach response: 72-hour AEPD notification, containment, impact assessment, affected individual communication, and post-breach remediation.

Comprehensive compliance risk mapping: regulatory obligation register, risk heat maps, multi-regulatory gap analysis (GDPR, NIS2, AI Act, AML), and regulatory change management.

Cookie audit, Consent Management Platform implementation, LSSI-CE compliance, and ePrivacy Regulation preparation for websites and digital platforms.

Criminal compliance for businesses in Madrid: Article 31 bis CP programme, whistleblowing channel Law 2/2023, compliance officer and Anticorruption Prosecutor defence.

Corporate criminal compliance programmes to exempt or mitigate the criminal liability of legal entities under Article 31 bis of the Spanish Criminal Code.

Specialised legal defence for individuals and companies investigated for money laundering (Art. 301–304 CP). Technical defence of rights before the judicial police, the Public Prosecutor's Office and the examining courts.

Tax crime defence (Art. 305 CP): expert quantification of the evaded tax quota, voluntary disclosure before charge, and litigation strategy from the AEAT inspection through to oral trial.

Specialised legal defence for directors, authorised signatories and executives investigated for unfair administration (Art. 252 CP). Comprehensive strategy from investigation to trial, with coordination of parallel civil corporate liability proceedings.

Cyber insurance advisory: policy review, coverage gap analysis, risk quantification for underwriters, claims management, and pre-renewal security improvement roadmap.

Security posture assessment, compliance audits (ENS, ISO 27001, NIS2), vulnerability assessment, penetration testing management, and third-party risk evaluation.

Advisory on compliance with the DAC8 Directive (EU 2023/2226) on crypto-asset information exchange, in force from 2026. Obligations for CASP providers and user reporting.

GDPR and LOPDGDD compliance, outsourced DPO, and comprehensive privacy management for businesses.

Digital evidence preservation with chain of custody, forensic IT coordination, e-discovery in arbitration and litigation, and acquisition of admissible electronic evidence for Spanish and international proceedings.

Full implementation of the DORA framework (Regulation 2022/2554) for financial entities: ICT risk management, incident reporting, resilience testing, and ICT third-party risk.

Financial regulatory advisory for financial entities, fintechs, and crypto-asset businesses in Spain: CNMV and Banco de España authorisations, MiCA compliance, MiFID II, PSD3, Solvency II, AML. Licences for EAFIs, SGIIC, payment institutions, and crypto-asset service providers.

AI Act compliance for high-risk AI systems: conformity assessments, technical documentation, CE marking, post-market monitoring, and EU database registration.

Structured DPIA methodology for high-risk processing: risk identification and mitigation, AEPD prior consultation management, and AI system impact assessments.

Incident response plans, tabletop exercises, breach containment, forensic investigation coordination, and regulatory notifications to AEPD and NIS2 supervisory authorities.

Independent internal investigations triggered by whistleblower reports (Law 2/2023), workplace harassment, fraud, bribery, and data breaches — forensic methodology, digital chain of custody, and criminal coordination.

Cross-border data transfer compliance: Standard Contractual Clauses, Transfer Impact Assessments, EU-US Data Privacy Framework, and Binding Corporate Rules for multinational groups.

Information Security Management System implementation and ISO 27001:2022 certification: from gap analysis and Statement of Applicability through the certification audit.

EU Network and Information Security Directive 2 compliance: scope assessment, control implementation, incident notification protocols, and board-level security governance.

Fully outsourced Data Protection Officer service: continuous GDPR compliance, AEPD liaison, supervisory authority management, and annual compliance reviews.

Article 25 GDPR implementation: privacy by design and by default for digital products, software, apps, and internal processes. Direct integration with product and engineering teams.

Outsourced Chief Information Security Officer for SMEs: strategic cybersecurity leadership, governance, and regulatory compliance without the cost of a full-time executive.

Implementation of internal whistleblowing channels under Spanish Law 2/2023 transposing EU Directive 2019/1937. Full Internal Information System design, investigation protocols, and confidentiality guarantees.