This website has been translated by machine translation software and has not been subsequently revised by translators. Further information at: link. Hide
the accesskey _ mod _ content

Auditoría de Seguridad de los Sistemas de Información -Reglamento General de Protección de Datos

  • Summary:
    Is an application that enables the organization to keep a record of activities of processing of personal data as well as to facilitate the implementation of the rest of obligations of the General regulation of data protection (RGPD) and Organic Law 3/2018, 5 December, of protection of personal data and guarantee of digital rights (LOPD-GDD), including the realization of risk analysis of treatment for the rights and freedoms of individuals, and, in its case, the impact assessment of processing operations in the protection of personal data. This is based on a series of questionnaires carefully made that each Responsible for Treatment of personal data must be completed on treatments under its responsibility.
    Target audience:
    Any Public Administration
    Agencies Responsible:
    Labour ministry, migrations and Social security
    Branch of work, migrations and Social security
    S.G. Technologies of the information and communications
    Installable product

    Type of Solution:
    Status of the Solution:
    Organic Area:
    Technical Area:
    Standardisation and regulation
    Subtype of data model:
    Information structure (semantic Standard)
    Functional Area:
    Government and the public Sector
    This License for AAPP
    Interoperability level:
    Programming language:
    Operating system:


    The goal is to implement the Regulation (HAT) 2016/679 OF THE EUROPEAN PARLIAMENT AND of the board of 27 April 2016 on the protection of individuals with regard to the treatment of personal data and on the free movement of such data and to the Organic Law 3/2018, 5 December, of protection of personal data and guarantee of digital rights (LOPD-GDD).

    ASSI-RGPD is an application that allows each responsible for processing of personal data the following activities, for each of the treatments of personal data (TDP) of which is responsible:

    • Provide the necessary information of each TDP to be included in the register of treatment activities required by the General regulation of data protection (RGPD) and in the inventory of LOPD-GDD treatments.
    • Realizar el análisis de riesgos del tratamiento para los derechos y libertades de las personas físicas, y, en su caso, la evaluación del impacto de las operaciones de tratamiento en la protección de datos personales. Esto determinará el conjunto de medidas de seguridad del Esquema Nacional de Seguridad (ENS), Medidas ENS Tipo I o Medidas ENS Tipo II, que se propone aplicar para securizar el tratamiento de datos personales, y en su caso, el aviso al Responsable de Tratamiento para que realice la Evaluación de Impacto Extendida para ciertos tratamientos de datos personales, atendiendo a lo establecido por la AEPD en https :// .
    • Verificar el cumplimiento del resto de aspectos normativos del RGPD y la LOPD-GDD.

    These activities are carried out by completing a series of questionnaires by those responsible of TDP for each TDPs under its responsibility.

    Además, se proporcionan una serie de informes, documentos, etc, con la finalidad de ayudar en el cumplimiento de las obligaciones que establece el RGPD y la LOPD-GDD.


    21 January 2020

    PRIZE AEPD 2019 Unshade accordion

    The SGTIC of MITRAMISS was awarded for its AEPD in subparagraph of "good practices in privacy and personal data protection on initiatives to adapt to the European regulation of data protection" in the form of public sector entities by the application ASSI-RGPD ( https :// ).

    26 November 2019

    New version of ASSI-RGPD Unshade accordion

    In this new version provides the following improvements/features/…..:

    • Adaptation to the content of the LOPD-GDD published in December last year (minors, administrative and criminal offences, dead, recommendations to those responsible for treatment, responsible for treatment, consent, …)
    • Improvements in the content contained/removable ASSI-RGPD:

      Institutional - email unity for not publish emails Responsible professionals treatment).

      - Generation and export of registration of treatment activities (RAT).

         -   Mejor redacción de algunos textos que aparecen en la pestaña Risk analysis and impact assessment (for example: instead of DO the treatment involves making a video surveillance on a large scale? will appear ¿Se realiza una observación sistemática a gran escala de una zona de acceso público (por ejemplo: videovigilancia con detección y reconocimiento automático de la identidad de las personas en una plaza pública)?

           -  Ampliación del tamaño de texto de varios campos para que el Responsable del Tratamiento pueda documentar adecuadamente (Nombre del tratamiento y Necesidad y proporcionalidad de las operaciones).

           -  Mejora de las ayudas que ofrece la aplicación (contenido que va al RAT, explicación del proceso de cálculo de las Medidas ENS Tipo I y Medidas ENS Tipo II, qué información falta para poder firmar el pdf que recoge para un Tratamiento de Datos Personales toda la información introducida en ASSI-RGPD, etc).

    • New version of the drafts of clauses informative.
    • Improvements in the generation and extraction of reports (report of treatments, registration of activities of treatments, Report, qualitative and Quantitative Report).
    • Deletes historical justified and recoveries treatments of personal data (TDP) together with the identification of who did and when did.
    • From administration management of the implementation of the structure and contents of the library of Responsible aid TDP (files doc with forms, rights of stakeholders, recommendations for the recruitment of responsible for treatment, regulations, etc).
    • Improvements in the format of the content of the pdf generated.
    • Generación de un aviso al Responsable de Tratamiento para que, en su caso, realice una Evaluación de Impacto Extendida relativa a ciertos tratamientos atendiendo a lo establecido por la AEPD en https ://
    • Updating the User Manual.

    Has been uploaded to the both PAE version 2.1.0 as the upgrade from the previous version (1.1.16) to version 2.1.0


    In this area you can register to receive notification of changes that occur in news, documents or forums associated with the settlement or the active semantic.

    - PAe subscription management

    The fields with an asterisk * are required. It must mark at least one of the subscription rushes (News, documents or forums) and indicate the email in the text field indicated for the high or low of subscription.

    Enter the email with which you want to receive notifications of the solution or the active semantic.


    Enter the email to unsubscribe from the unsubscribe.
General access point
General access point