Areas of expertise
Specializations
- External Data Protection Officer (DPO)
- Legal cybersecurity
- Due diligence on corporate transactions
- Tourist rental & real estate regulation
- Criminal compliance (Art. 31 bis CP)
Languages
Biography
Role
Bárbara Botía is part of the BMC team as Senior Lawyer — Legal Division, based in the Murcia office.
Practice areas
- Data protection & privacy
- Corporate compliance
- Commercial and civil law
- Real estate law
- Legal due diligence
Services led
Practice areas where Bárbara serves as lead advisor or active contributor
Criminal compliance for businesses in Madrid: Article 31 bis CP programme, whistleblowing channel Law 2/2023, compliance officer and Anticorruption Prosecutor defence.
Cybersecurity Audit
Security posture assessment, compliance audits (ENS, ISO 27001, NIS2), vulnerability assessment, penetration testing management, and third-party risk evaluation.
Cyber Insurance Advisory
Cyber insurance advisory: policy review, coverage gap analysis, risk quantification for underwriters, claims management, and pre-renewal security improvement roadmap.
DORA Compliance (Digital Operational Resilience)
Full implementation of the DORA framework (Regulation 2022/2554) for financial entities: ICT risk management, incident reporting, resilience testing, and ICT third-party risk.
Cybersecurity Incident Response
Incident response plans, tabletop exercises, breach containment, forensic investigation coordination, and regulatory notifications to AEPD and NIS2 supervisory authorities.
ISO 27001 Certification
Information Security Management System implementation and ISO 27001:2022 certification: from gap analysis and Statement of Applicability through the certification audit.
NIS2 Compliance
EU Network and Information Security Directive 2 compliance: scope assessment, control implementation, incident notification protocols, and board-level security governance.
Virtual CISO
Outsourced Chief Information Security Officer for SMEs: strategic cybersecurity leadership, governance, and regulatory compliance without the cost of a full-time executive.
Corporate Secretarial
End-to-end management of corporate obligations: general meetings, minutes, share register, accounts filing, and Commercial Registry matters.
Entity Management
Full-service corporate entity administration that frees your leadership team from the operational burden of compliance.
EU AI Act Compliance
Full compliance with the EU Artificial Intelligence Act: risk classification, conformity assessments, transparency obligations, and prohibited practice audits.
Data Breach Management
Immediate data breach response: 72-hour AEPD notification, containment, impact assessment, affected individual communication, and post-breach remediation.
AI Governance
AI governance frameworks, ethics committees, algorithmic auditing, bias detection, and AI system registries for responsible organisations.
Compliance Risk Mapping
Comprehensive compliance risk mapping: regulatory obligation register, risk heat maps, multi-regulatory gap analysis (GDPR, NIS2, AI Act, AML), and regulatory change management.
Cookie Compliance & Digital Consent
Cookie audit, Consent Management Platform implementation, LSSI-CE compliance, and ePrivacy Regulation preparation for websites and digital platforms.
High-Risk AI Systems
AI Act compliance for high-risk AI systems: conformity assessments, technical documentation, CE marking, post-market monitoring, and EU database registration.
Outsourced DPO (Data Protection Officer)
Fully outsourced Data Protection Officer service: continuous GDPR compliance, AEPD liaison, supervisory authority management, and annual compliance reviews.
International Data Transfers
Cross-border data transfer compliance: Standard Contractual Clauses, Transfer Impact Assessments, EU-US Data Privacy Framework, and Binding Corporate Rules for multinational groups.
Data Protection Impact Assessment (DPIA)
Structured DPIA methodology for high-risk processing: risk identification and mitigation, AEPD prior consultation management, and AI system impact assessments.
Privacy by Design
Article 25 GDPR implementation: privacy by design and by default for digital products, software, apps, and internal processes. Direct integration with product and engineering teams.
Anti-Money Laundering (AML)
AML/CFT compliance programme for entities subject to Spain's Law 10/2010: policies, procedures, training, and SEPBLAC liaison.
Criminal Compliance
Corporate criminal compliance programmes to exempt or mitigate the criminal liability of legal entities under Article 31 bis of the Spanish Criminal Code.
Criminal Defence for Money Laundering
Specialised legal defence for individuals and companies investigated for money laundering (Art. 301–304 CP). Technical defence of rights before the judicial police, the Public Prosecutor's Office and the examining courts.
Criminal Defence for Tax Fraud
Tax crime defence (Art. 305 CP): expert quantification of the evaded tax quota, voluntary disclosure before charge, and litigation strategy from the AEAT inspection through to oral trial.
Criminal Defence for Unfair Administration
Specialised legal defence for directors, authorised signatories and executives investigated for unfair administration (Art. 252 CP). Comprehensive strategy from investigation to trial, with coordination of parallel civil corporate liability proceedings.
DAC8 and Crypto-Asset Tax Obligations
Advisory on compliance with the DAC8 Directive (EU 2023/2226) on crypto-asset information exchange, in force from 2026. Obligations for CASP providers and user reporting.
Financial Regulatory (CNMV, Banco de España, MiCA, MiFID II)
Financial regulatory advisory for financial entities, fintechs, and crypto-asset businesses in Spain: CNMV and Banco de España authorisations, MiCA compliance, MiFID II, PSD3, Solvency II, AML. Licences for EAFIs, SGIIC, payment institutions, and crypto-asset service providers.
Data Protection & Privacy
GDPR and LOPDGDD compliance, outsourced DPO, and comprehensive privacy management for businesses.
Internal Corporate Investigations
Independent internal investigations triggered by whistleblower reports (Law 2/2023), workplace harassment, fraud, bribery, and data breaches — forensic methodology, digital chain of custody, and criminal coordination.
Whistleblowing Channel (EU Directive)
Implementation of internal whistleblowing channels under Spanish Law 2/2023 transposing EU Directive 2019/1937. Full Internal Information System design, investigation protocols, and confidentiality guarantees.
Digital Evidence & E-Discovery
Digital evidence preservation with chain of custody, forensic IT coordination, e-discovery in arbitration and litigation, and acquisition of admissible electronic evidence for Spanish and international proceedings.
Published analysis
Articles and reports published by Bárbara
Arraigo Social vs Arraigo Sociolaboral after RD 1155/2024: Key Differences
26 May 2026 · immigration, regularization
Digital Nomad Visa Renewal Spain 2026: Deadlines & Requirements
26 May 2026 · immigration, digital-nomad
EU Blue Card Spain 2026: Updated Salary Threshold and Full Requirements
26 May 2026 · immigration, eu-blue-card
EX-01 Form: Complete Guide to the Non-Lucrative Visa Application in Spain 2026
26 May 2026 · immigration, visas
EX-02 Family Reunification in Spain 2026: Updated Economic Requirements
26 May 2026 · immigration, family-reunification
EX-17: Document Checklist for Long-Term Residence in Spain 2026
26 May 2026 · immigration, residence
Extraordinary Regularisation Spain 2026: Requirements and Deadline
26 May 2026 · immigration, regularization
Golden Visa Alternatives in Spain After Its Abolition in April 2025
26 May 2026 · immigration, investors