This website has been translated by machine translation software and has not been subsequently revised by translators. Further information at: link. Hide
the accesskey _ mod _ content

Audit of safety of information systems -Reglamento General data protection

  • Summary:
    Is an application that enables the organization to keep a record of activities of processing of personal data as well as to facilitate the implementation of the rest of obligations of the General regulation of data protection (RGPD) and Organic Law 3/2018, 5 December, of protection of personal data and guarantee of digital rights (LOPD-GDD), including the realization of risk analysis of treatment for the rights and freedoms of individuals, and, in its case, the impact assessment of processing operations in the protection of personal data. This is based on a series of questionnaires carefully made that each Responsible for Treatment of personal data must be completed on treatments under its responsibility.
    Target audience:
    Any Public Administration
    Agencies Responsible:
    Labour ministry, migrations and Social security
    Branch of work, migrations and Social security
    S.G. Technologies of the information and communications
    Installable product

    Type of Solution:
    Status of the Solution:
    Organic Area:
    Technical Area:
    Standardisation and regulation
    Subtype of data model:
    Information structure (semantic Standard)
    Functional Area:
    Government and the public Sector
    This License for AAPP
    Interoperability level:
    Programming language:
    Operating system:


    The goal is to implement the Regulation (HAT) 2016/679 OF THE EUROPEAN PARLIAMENT AND of the board of 27 April 2016 on the protection of individuals with regard to the treatment of personal data and on the free movement of such data and to the Organic Law 3/2018, 5 December, of protection of personal data and guarantee of digital rights (LOPD-GDD).

    ASSI-RGPD is an application that allows each responsible for processing of personal data the following activities, for each of the treatments of personal data (TDP) of which is responsible:

    • Provide the necessary information of each TDP to be included in the register of treatment activities required by the General regulation of data protection (RGPD) and in the inventory of LOPD-GDD treatments.
    • Perform risk analysis of treatment for the rights and freedoms of individuals, and, in its case, the impact assessment of processing operations in the protection of personal data. This will determine the security package of National security Scheme (NHIS), measures ENS Type I or measures ENS Type (II, which intends to apply to securizar the processing of personal data and, in its case, the notice to the maintainer of treatment to perform the impact assessment Widespread for certain treatments of personal data, as established by the AEPD in https :// .
    • Verify compliance with the rest of regulatory aspects of RGPD and LOPD-GDD.

    Estas actividades se realizan cumplimentando una serie de cuestionarios por parte de los responsables de TDP para cada uno de los TDPs bajo su responsabilidad.

    It presents a series of reports, documents, etc, with the aim of helping in the fulfilment of the obligations that sets the RGPD and LOPD-GDD.


    26 November 2019

    New version of ASSI-RGPD Unshade accordion

    In this new version provides the following improvements/features/…..:

    • Adaptación al contenido de la LOPD-GDD publicada en Diciembre del año pasado (menores, infracciones administrativas y penales, fallecidos, recomendaciones a los Responsables de Tratamiento, encargados de tratamiento, consentimiento,…)
    • Improvements in the content contained/removable ASSI-RGPD:

      Institutional - email unity for not publish emails Responsible professionals treatment).

      - Generation and export of registration of treatment activities (RAT).

      - Best wording of some texts that appear in the tab Risk analysis and impact assessment (for example: instead of DO the treatment involves making a video surveillance on a large scale? will appear Is there a systematic observation on a large scale of an area of public access (for example: CCTV with automatic detection and recognition of the identity of the people in a public square)?

      - Extension of the size of text of several fields for the person responsible for processing can properly document (Name of treatment and necessity and proportionality of operations).

    - Improvement of aid that offers the application (content that goes to the RAT, explanation of the process of calculation of measures ENS Type I and measures ENS Type II, what information required to sign the pdf containing for a treatment of personal data all the information entered in ASSI-RGPD, etc).

    • New version of the drafts of clauses informative.
    • Improvements in the generation and extraction of reports (report of treatments, registration of activities of treatments, Report, qualitative and Quantitative Report).
    • Histórico de eliminaciones y recuperaciones justificadas de tratamientos de datos personales (TDP) junto con la identificación de quiénes lo hicieron y cuándo lo hicieron.
    • From administration management of the implementation of the structure and contents of the library of Responsible aid TDP (files doc with forms, rights of stakeholders, recommendations for the recruitment of responsible for treatment, regulations, etc).
    • Mejoras en el formato del contenido del pdf que se genera.
    • Generación de un aviso al Responsable de Tratamiento para que, en su caso, realice una Evaluación de Impacto Extendida relativa a ciertos tratamientos atendiendo a lo establecido por la AEPD en https ://
    • Updating the User Manual.

    Has been uploaded to the both PAE version 2.1.0 as the upgrade from the previous version (1.1.16) to version 2.1.0


    In this area you can register to receive notification of changes that occur in news, documents or forums associated with the settlement or the active semantic.

    - PAe subscription management

    The fields with an asterisk * are required. It must mark at least one of the subscription rushes (News, documents or forums) and indicate the email in the text field indicated for the high or low of subscription.

    Enter the email with which you want to receive notifications of the solution or the active semantic.


    Enter the email to unsubscribe from the unsubscribe.
General access point
General access point