Sofia Navarro Estevez

Full compliance with the EU Artificial Intelligence Act: risk classification, conformity assessments, transparency obligations, and prohibited practice audits.

AI governance frameworks, ethics committees, algorithmic auditing, bias detection, and AI system registries for responsible organisations.

Immediate data breach response: 72-hour AEPD notification, containment, impact assessment, affected individual communication, and post-breach remediation.

Cookie audit, Consent Management Platform implementation, LSSI-CE compliance, and ePrivacy Regulation preparation for websites and digital platforms.

Cyber insurance advisory: policy review, coverage gap analysis, risk quantification for underwriters, claims management, and pre-renewal security improvement roadmap.

Security posture assessment, compliance audits (ENS, ISO 27001, NIS2), vulnerability assessment, penetration testing management, and third-party risk evaluation.

GDPR and LOPDGDD compliance, outsourced DPO, and comprehensive privacy management for businesses.

Recovery and defence of domain names through the WIPO UDRP procedure and EURID ADR proceedings for .eu domains. Cybersquatting and trade mark confusion disputes handled for complainants and registrants.

Full implementation of the DORA framework (Regulation 2022/2554) for financial entities: ICT risk management, incident reporting, resilience testing, and ICT third-party risk.

Financial regulatory advisory for financial entities, fintechs, and crypto-asset businesses in Spain: CNMV and Banco de España authorisations, MiCA compliance, MiFID II, PSD3, Solvency II, AML. Licences for EAFIs, SGIIC, payment institutions, and crypto-asset service providers.

AI Act compliance for high-risk AI systems: conformity assessments, technical documentation, CE marking, post-market monitoring, and EU database registration.

Structured DPIA methodology for high-risk processing: risk identification and mitigation, AEPD prior consultation management, and AI system impact assessments.

Incident response plans, tabletop exercises, breach containment, forensic investigation coordination, and regulatory notifications to AEPD and NIS2 supervisory authorities.

Registration and defence of industrial designs in Spain and the EU: Law 20/2003, EU Regulation 6/2002 and procedure before the OEPM. Protection of the external appearance of products.

Comprehensive protection of trademarks, patents, trade secrets, copyright, and IP assets in Spain and the European Union.

Cross-border data transfer compliance: Standard Contractual Clauses, Transfer Impact Assessments, EU-US Data Privacy Framework, and Binding Corporate Rules for multinational groups.

Information Security Management System implementation and ISO 27001:2022 certification: from gap analysis and Statement of Applicability through the certification audit.

EU Network and Information Security Directive 2 compliance: scope assessment, control implementation, incident notification protocols, and board-level security governance.

Fully outsourced Data Protection Officer service: continuous GDPR compliance, AEPD liaison, supervisory authority management, and annual compliance reviews.

Article 25 GDPR implementation: privacy by design and by default for digital products, software, apps, and internal processes. Direct integration with product and engineering teams.

Protection of confidential business information, know-how, and technical data under the Trade Secrets Act. Preventive audits, NDA drafting, litigation, and urgent injunctive relief.

Defence and enforcement of unfair competition claims (Ley 3/1991, LCD) and competition law advisory: CNMC investigations, abuse of dominant position, cartel agreements, compliance programmes and private enforcement of competition damages.

Outsourced Chief Information Security Officer for SMEs: strategic cybersecurity leadership, governance, and regulatory compliance without the cost of a full-time executive.