Areas of expertise
Specializations
- Software licensing
- Data governance
- EU AI Act compliance
Languages
Biography
Role
Sofia Navarro is part of the BMC team as Associate - Legal Division, based in the Madrid office.
Practice areas
- Intellectual property
- Technology law
- AI regulation
Services led
Practice areas where Sofia serves as lead advisor or active contributor
Security posture assessment, compliance audits (ENS, ISO 27001, NIS2), vulnerability assessment, penetration testing management, and third-party risk evaluation.

Cyber Insurance Advisory
Cyber insurance advisory: policy review, coverage gap analysis, risk quantification for underwriters, claims management, and pre-renewal security improvement roadmap.

DORA Compliance (Digital Operational Resilience)
Full implementation of the DORA framework (Regulation 2022/2554) for financial entities: ICT risk management, incident reporting, resilience testing, and ICT third-party risk.

Cybersecurity Incident Response
Incident response plans, tabletop exercises, breach containment, forensic investigation coordination, and regulatory notifications to AEPD and NIS2 supervisory authorities.

ISO 27001 Certification
Information Security Management System implementation and ISO 27001:2022 certification: from gap analysis and Statement of Applicability through the certification audit.

NIS2 Compliance
EU Network and Information Security Directive 2 compliance: scope assessment, control implementation, incident notification protocols, and board-level security governance.

Virtual CISO
Outsourced Chief Information Security Officer for SMEs: strategic cybersecurity leadership, governance, and regulatory compliance without the cost of a full-time executive.

EU AI Act Compliance
Full compliance with the EU Artificial Intelligence Act: risk classification, conformity assessments, transparency obligations, and prohibited practice audits.

Data Breach Management
Immediate data breach response: 72-hour AEPD notification, containment, impact assessment, affected individual communication, and post-breach remediation.

AI Governance
AI governance frameworks, ethics committees, algorithmic auditing, bias detection, and AI system registries for responsible organisations.

Cookie Compliance & Digital Consent
Cookie audit, Consent Management Platform implementation, LSSI-CE compliance, and ePrivacy Regulation preparation for websites and digital platforms.

High-Risk AI Systems
AI Act compliance for high-risk AI systems: conformity assessments, technical documentation, CE marking, post-market monitoring, and EU database registration.

Outsourced DPO (Data Protection Officer)
Fully outsourced Data Protection Officer service: continuous GDPR compliance, AEPD liaison, supervisory authority management, and annual compliance reviews.

International Data Transfers
Cross-border data transfer compliance: Standard Contractual Clauses, Transfer Impact Assessments, EU-US Data Privacy Framework, and Binding Corporate Rules for multinational groups.

Data Protection Impact Assessment (DPIA)
Structured DPIA methodology for high-risk processing: risk identification and mitigation, AEPD prior consultation management, and AI system impact assessments.

Privacy by Design
Article 25 GDPR implementation: privacy by design and by default for digital products, software, apps, and internal processes. Direct integration with product and engineering teams.

Financial Regulatory (CNMV, Banco de España, MiCA, MiFID II)
Financial regulatory advisory for financial entities, fintechs, and crypto-asset businesses in Spain: CNMV and Banco de España authorisations, MiCA compliance, MiFID II, PSD3, Solvency II, AML. Licences for EAFIs, SGIIC, payment institutions, and crypto-asset service providers.

Data Protection & Privacy
GDPR and LOPDGDD compliance, outsourced DPO, and comprehensive privacy management for businesses.

Unfair Competition & Competition Law
Defence and enforcement of unfair competition claims (Ley 3/1991, LCD) and competition law advisory: CNMC investigations, abuse of dominant position, cartel agreements, compliance programmes and private enforcement of competition damages.

Domain Name Recovery (UDRP)
Recovery and defence of domain names through the WIPO UDRP procedure and EURID ADR proceedings for .eu domains. Cybersquatting and trade mark confusion disputes handled for complainants and registrants.

Industrial Designs
Registration and defence of industrial designs in Spain and the EU: Law 20/2003, EU Regulation 6/2002 and procedure before the OEPM. Protection of the external appearance of products.

Intellectual Property
Comprehensive protection of trademarks, patents, trade secrets, copyright, and IP assets in Spain and the European Union.

Trade Secrets Protection
Protection of confidential business information, know-how, and technical data under the Trade Secrets Act. Preventive audits, NDA drafting, litigation, and urgent injunctive relief.

Request a personalized consultation
Our experts are ready to analyze your situation and provide tailored solutions.