Transparency advisory for SMEs in Valladolid: how to comply

·

When the Transparency Act —Law 19/2013 of 9 December on transparency, access to public information and good governance— is mentioned, most SME managers assume it is «a government matter». That is a costly mistake. If your company receives grants or public aid exceeding 100,000 euros per year, or if public aid represents more than 40% of your annual income and exceeds 5,000 euros, you fall within the scope of the law. And if you also compete in public tenders in Castilla y León, transparency has moved from advisable to a technical evaluation criterion.

This article answers the question we receive every week at our Valladolid offices: what exactly does the law require, from whom, and how can this be organised without setting up a new department? Summum Marketing has been supporting SMEs through regulatory compliance processes since 2007, and in this text we share what really matters to know before hiring any compliance consultancy.

What Law 19/2013 actually requires of an SME

The law has two main parts. The first —active publicity— requires proactively publishing information without waiting for anyone to request it. The second —right of access— requires responding to information requests within specific timeframes. For private companies, the law is triggered mainly through three routes:

It is important to distinguish these obligations from those imposed by regional legislation. Castilla y León has its own regional legislation —Law 3/2015 of 4 March on Transparency and Citizen Participation of Castilla y León— although its subjective scope focuses on the regional public sector. Additionally, several local authorities —including Valladolid City Council— have incorporated additional requirements into their grant terms and procurement specifications since 2022. The Transparency Commissioner of Castilla y León (Comisionado de Transparencia) acts as an independent supervisory body and issues resolutions with interpretative value for SMEs in the region.

The active publicity obligations that most affect SMEs

Many SMEs interpret «publishing information» as «uploading a PDF to the website». The reality is more structured. Active publication must be permanent, accessible, free and understandable. An obscure section on a website or unindexed scanned documents do not meet the standard. These are the minimum blocks that the law requires from subject private companies:

Information block What must be published Update timeframe
Institutional and organisational information Management structure, functions, articles of association or deeds, applicable regulations Upon any relevant change
Financial and budgetary information Audited annual accounts, maximum remuneration of senior executives, grants received with amount and purpose Annually, within 6 months of the year-end
Information on contracts and agreements Agreements signed with public authorities, amendments and early termination Within 3 months of signing
Administrative acts with external effects Resolutions affecting third parties, sanctions received from public authorities Monthly or upon each act

Non-compliance with these obligations can result in the repayment of grants received (Art. 37 of the General Grants Law) and temporary disqualification from contracting with public authorities. These are concrete, not theoretical, consequences.

The right of access and the deadlines you cannot miss

The right of access to public information allows any person —without needing to justify the reason— to request information held by your company if you are subject to the law. The timeframes are very strict:

For an SME without dedicated staff for this function, receiving an access request in the middle of day-to-day operations can be a serious problem. Compliance consultancy resolves this with a documented procedure: who receives the request, what information can be provided and what is confidential (trade secrets, personal data of third parties, strategic information), how the response is drafted and what records are maintained.

What a real Transparency Act compliance process includes

When a company engages the Transparency Act compliance service with Summum Consultoría, the work does not consist of drafting a document and disappearing. The process has four phases that ensure compliance is real and auditable:

Phase 1 — Situation diagnosis

We review the income flows from the past 24 months to determine whether the company falls within the subjective scope of the law. Many SMEs discover at this stage that they are not required to comply because their contracts with public authorities do not exceed the thresholds —which avoids an unnecessary project—. If they are within scope, we document what information is already published, in what format and how regularly.

Phase 2 — Transparency portal design

The publication channel can be a section within the existing corporate website, a dedicated microsite, or a repository on the Public Sector Contracting Platform if the company regularly tenders. We design the content structure, publication formats (open CSV for numerical data, HTML for text, accessible tagged WCAG PDF for documents) and the update calendar assigned to specific responsible individuals.

Phase 3 — Access request management procedure

We draft the internal procedure for handling the right of access: reception form, decision tree for classifying information (deliverable / restricted / reserved), response templates and request register. We train the person or persons assigned within the company.

Phase 4 — Annual review and maintenance

Transparency is not a one-off project. Accounts close every year, agreements are renewed, executives change. We support system maintenance with an annual review ensuring the published information is up to date and the procedure remains operational.

Transparency and public tenders in Castilla y León: the practical connection

This is the argument that most convinces SME managers in Valladolid competing for public contracts: having an implemented and documented transparency system scores points. The specifications of the Junta de Castilla y León and the main local authorities in the region have included since 2023 technical evaluation criteria that explicitly include adherence to good governance principles and the existence of verifiable transparency systems.

There is a significant difference between declaring «we comply with the Transparency Act» and demonstrating an operational portal with a publication history, a documented procedure and a record of requests handled. The second has immediate evidential value. If your competitor in the tender has that documentation and you do not, the difference can be decisive in the technical score.

For more on how to approach public tenders in the region, you can consult our public tendering support service in Castilla y León.

Transparency and GDPR: the most common friction points

The main technical issue we encounter in compliance projects is the tension between the obligation to publish and data protection. The Transparency Act is not an exception to the GDPR: when information to be published contains personal data (employees, partners, executives), the processing must comply with Regulation (EU) 2016/679 and Organic Law 3/2018 (LOPDGDD).

In practice this translates into three operational rules:

  1. Anonymise or pseudonymise where possible before publishing data containing non-essential personal information.
  2. Document the legal basis when publishing information that does include personal data (normally, compliance with a legal obligation).
  3. Review the record of processing activities to include processing arising from active publicity and from the management of access requests.

Getting this integration right prevents problems: we have seen companies publish executive remuneration data including full names, simultaneously achieving Transparency Act compliance and committing a GDPR infringement. Integrated advisory avoids these errors.

Indicative cost of the process: factors that move the price

Although Summum Consultoría does not publish fixed rates —each project depends on the starting situation— we can provide guidance on the market factors that determine the cost of a Transparency Act compliance project for an SME:

In the Spanish market, Transparency Act compliance projects for SMEs with between 10 and 50 employees typically range from 1,500 to 6,000 euros for the initial project, with annual maintenance of between 500 and 1,500 euros. More complex projects —with full GDPR integration, web development and team training— may exceed these figures. These figures are indicative market estimates; the actual cost of each project depends on the factors described above and should be quoted on an individual basis.

Frequently asked questions

Are all companies that receive any public grant required to comply?

No. The thresholds are clear: you must have received during the previous financial year grants or public aid amounting to 100,000 euros or more, or the aid must represent at least 40% of total annual income and exceed 5,000 euros. A company that receives an 8,000-euro digitalisation grant (Kit Digital, for example) is not within scope on that basis alone. It is advisable to review the total public income for the financial year before concluding whether the law applies or not.

Does the law require publishing executives' salaries?

Yes, within certain limits. Private entities subject to the law must publish the annual remuneration received by senior managers. However, publication is normally done on an aggregated basis by position or by bands, not with full names, to respect the GDPR. The level of detail required depends on the interpretation of the competent Transparency Council and the conditions of the agreement or contract that generates the obligation.

What happens if we receive an access request for information we consider confidential?

The law recognises limits to the right of access: national security, trade secrets, personal data, intellectual property, among others. If the information requested falls within those limits, the company may deny access in whole or in part, but must provide written justification for the denial within the one-month deadline. An unjustified denial or silence are worse options: they give the applicant grounds to complain to the Transparency Council or to take the matter to the administrative courts.

Does it make sense to implement a transparency system if we are not formally required to?

It depends on the commercial strategy. If the company competes in public tenders, works with large corporations that require compliance policies from their suppliers, or wants to demonstrate good governance to investors or financial institutions, a voluntary transparency system provides demonstrable differential value. In those cases, the project is usually combined with the corporate governance service for SMEs, which integrates transparency, business ethics and decision-making structure into a single framework.