Structure

Director

Meritxell Borràs i Solé has been the director of the APDCAT since February 2022. The Plenary of the Catalan Parliament is who appoints the person at the head of the Authority, by a three-fifths majority, on the proposal of the Data Protection Advisory Board, and for a period of five years renewable only once.

The director’s mission is to lead and represent the agency with independence and objectivity, with functions that include issuing decisions and instructions and approving recommendations and opinions of the Authority.

Secretary General

The Secretary General of the Authority forms part of the Authority's management structure. This position is responsible for the coordination of the areas of human resources, recruitment and economic management, the internal structure, transparency and citizen services. Specifically, the functions attributed to this role include the management of assigned personal and material resources, the economic-administrative management of the Authority's budget, the control over the inventory of property and rights of the institution's assets, the preparation of the annual report, the hosting of conferences, seminars and other activities on personal data protection, and the management of the Authority's information systems.

Ester Obach Medrano is the general secretary of the Authority.

Legal Advisory Service

The Legal Advisory Service is responsible for the legal advisement and defence of the Authority, and the issuance of reports on draft rules with legal status or general provisions on the protection of personal data. It is also responsible for drawing up opinions in response to inquiries made by the entities in the APDCAT's scope of action on the protection of personal data. It includes the drafting of mandatory reports from the Authority on the claims of access to information that are presented to the Commission for the Guarantee of the Right of Access to Public Information (GAIP in its Catalan initials).

In addition, other functions deriving from the General Data Protection Regulation (GDPR) correspond to this area, such as the issuance of reports on prior consultations and the study and processing of files for the approval of codes of conduct or in matters of international transfers.

Xavier Urios Aparisi is the head of the Authority's Legal Advisory Service.

Inspection and Technical Area

The Inspection and Technical Area conducts inspections and control tasks, and drafts proposals for penalties for breaches of data protection regulations. It ensures compliance with current legislation on the protection of personal data and proposes resolutions to claims made by the affected persons in relation to their rights of access, rectification, deletion and opposition, as well as portability rights, the limitation of processing and the right not to be subject to automated individual decisions.

This area also carries out the audit plans and the management and control of notifications of personal data security violations to the APDCAT, in compliance with the obligations imposed by the GDPR.

Fina Valls Vila is the head of the Authority's Inspection and Technical Area.

Coordinació de Tecnologia i Seguretat de la Informació

The person who carries out the coordination of Technology and Information Security is responsible for strategically advising the management of the APDCAT on technological matters, and analysing the impact of emerging technologies on privacy. This position directs the information and communication technologies of the APDCAT, and is responsible for corporate security. In addition, it is also responsible for directing and coordinating consulting and support tasks to all areas of the APDCAT regarding technology and information security, depending on their needs and specificities. This figure also conducts the assessment of the impact of risks to personal data of the APDCAT, and proposes preventive measures encompassing multidisciplinary solutions. Finally, this person directs and coordinates the advisement and support given to the Inspection Area in the scope of information security and the preparation of preventive audit plans.

Albert Serra Pagès is the Authority's Technology and Information Security coordinator.