Skip to content
Our team

Sofia Navarro

Associate - Legal Division

Areas of expertise

Intellectual property Technology law AI regulation

Specializations

  • Software licensing
  • Data governance
  • EU AI Act compliance

Languages

Spanish English Galician

Biography

Role

Sofia Navarro is part of the BMC team as Associate - Legal Division, based in the Madrid office.

Practice areas

Book a consultation with Sofia Navarro

Pick a time that works for you. Instant confirmation · complimentary call · no commitment.

Loading availability…

Services led

Practice areas where Sofia serves as lead advisor or active contributor

Cybersecurity Audit

Security posture assessment, compliance audits (ENS, ISO 27001, NIS2), vulnerability assessment, penetration testing management, and third-party risk evaluation.

View service
Cyber Insurance Advisory

Cyber insurance advisory: policy review, coverage gap analysis, risk quantification for underwriters, claims management, and pre-renewal security improvement roadmap.

View service
DORA Compliance (Digital Operational Resilience)

Full implementation of the DORA framework (Regulation 2022/2554) for financial entities: ICT risk management, incident reporting, resilience testing, and ICT third-party risk.

View service
Cybersecurity Incident Response

Incident response plans, tabletop exercises, breach containment, forensic investigation coordination, and regulatory notifications to AEPD and NIS2 supervisory authorities.

View service
ISO 27001 Certification

Information Security Management System implementation and ISO 27001:2022 certification: from gap analysis and Statement of Applicability through the certification audit.

View service
NIS2 Compliance

EU Network and Information Security Directive 2 compliance: scope assessment, control implementation, incident notification protocols, and board-level security governance.

View service
Virtual CISO

Outsourced Chief Information Security Officer for SMEs: strategic cybersecurity leadership, governance, and regulatory compliance without the cost of a full-time executive.

View service
EU AI Act Compliance

Full compliance with the EU Artificial Intelligence Act: risk classification, conformity assessments, transparency obligations, and prohibited practice audits.

View service
Data Breach Management

Immediate data breach response: 72-hour AEPD notification, containment, impact assessment, affected individual communication, and post-breach remediation.

View service
AI Governance

AI governance frameworks, ethics committees, algorithmic auditing, bias detection, and AI system registries for responsible organisations.

View service
Cookie Compliance & Digital Consent

Cookie audit, Consent Management Platform implementation, LSSI-CE compliance, and ePrivacy Regulation preparation for websites and digital platforms.

View service
High-Risk AI Systems

AI Act compliance for high-risk AI systems: conformity assessments, technical documentation, CE marking, post-market monitoring, and EU database registration.

View service
Outsourced DPO (Data Protection Officer)

Fully outsourced Data Protection Officer service: continuous GDPR compliance, AEPD liaison, supervisory authority management, and annual compliance reviews.

View service
International Data Transfers

Cross-border data transfer compliance: Standard Contractual Clauses, Transfer Impact Assessments, EU-US Data Privacy Framework, and Binding Corporate Rules for multinational groups.

View service
Data Protection Impact Assessment (DPIA)

Structured DPIA methodology for high-risk processing: risk identification and mitigation, AEPD prior consultation management, and AI system impact assessments.

View service
Privacy by Design

Article 25 GDPR implementation: privacy by design and by default for digital products, software, apps, and internal processes. Direct integration with product and engineering teams.

View service
Financial Regulatory (CNMV, Banco de España, MiCA, MiFID II)

Financial regulatory advisory for financial entities, fintechs, and crypto-asset businesses in Spain: CNMV and Banco de España authorisations, MiCA compliance, MiFID II, PSD3, Solvency II, AML. Licences for EAFIs, SGIIC, payment institutions, and crypto-asset service providers.

View service
Data Protection & Privacy

GDPR and LOPDGDD compliance, outsourced DPO, and comprehensive privacy management for businesses.

View service
Unfair Competition & Competition Law

Defence and enforcement of unfair competition claims (Ley 3/1991, LCD) and competition law advisory: CNMC investigations, abuse of dominant position, cartel agreements, compliance programmes and private enforcement of competition damages.

View service
Domain Name Recovery (UDRP)

Recovery and defence of domain names through the WIPO UDRP procedure and EURID ADR proceedings for .eu domains. Cybersquatting and trade mark confusion disputes handled for complainants and registrants.

View service
Industrial Designs

Registration and defence of industrial designs in Spain and the EU: Law 20/2003, EU Regulation 6/2002 and procedure before the OEPM. Protection of the external appearance of products.

View service
Intellectual Property

Comprehensive protection of trademarks, patents, trade secrets, copyright, and IP assets in Spain and the European Union.

View service
Trade Secrets Protection

Protection of confidential business information, know-how, and technical data under the Trade Secrets Act. Preventive audits, NDA drafting, litigation, and urgent injunctive relief.

View service

Request a personalized consultation

Our experts are ready to analyze your situation and provide tailored solutions.

Email
Contact