Skip to main content
Information for the interested party on data protection

3.2. Data Protection Officer

Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, relating to the protection of natural persons with regard to the processing of personal data and the free circulation of these data and by which Directive 95/46/EC, General Data Protection Regulation, is repealed, providing that those responsible and in charge of processing personal data must appoint a Data Protection Officer in the cases that the Regulation itself establishes, as well as in other cases. in which the legislation of the Member States also considers it mandatory.

Among the assumptions that require the appointment of a Delegate, there is one in which “the treatment is carried out by a public authority or body”, both as controller and as data processor (article 37.1.a). The role of the Delegate in organisations is to inform, advise, supervise and cooperate with the supervisory authority, as well as being the point of contact for interested parties.

The Tax Agency has a Tax Information Security and Control Commission created by the Resolution of January 26, 1998 of the Presidency of the State Tax Administration Agency, which created sectoral security and control commissions in all areas and regulated the composition, functions, operating rules and monitoring of the actions of the sectoral commissions.

The Tax Information Security and Control Commission is the collegiate body responsible for analyzing and evaluating risks, establishing and maintaining updated general criteria and guidelines on the use of tax and non-tax information managed by the Tax Agency to guarantee the privacy and security of the information, as well as agreeing and implementing measures to improve and strengthen security and control systems.

The Tax Information Security and Control Commission directs and verifies the Tax Agency's plan to adapt to the new Regulations. Among the decisions adopted by the Commission within the scope of the adaptation plan is that of appointing the secretary of the Commission for Security and Control of Tax Information Technology as Data Protection Delegate who, in order to carry out his work, will have the support of the Commission itself to cover all the functions required of such a position.

This decision was subsequently ratified with the approval of the Steering Committee of the Tax Agency and communicated to the Spanish Data Protection Agency, complying with the legal requirement set out in the General Data Protection Regulation.

Contact details:

Data Protection Officer of the Tax Agency

Santa Maria Magdalena Street, 16, 28016 Madrid

dpd@correo.aeat.es