Tenerife hosts one of the most active tourism economies in Spain: hotels, holiday apartments, incoming travel agencies and retailers process large volumes of personal data every day — reservations, passports, payment details — all of which fall within the scope of the GDPR (EU) 2016/679 and the LOPDGDD (LO 3/2018). Both regulations require every organisation, regardless of size, to implement adequate technical and organisational measures and to keep compliance documentation up to date.
Beyond tourism, the business fabric of Santa Cruz de Tenerife includes professional practices, clinics, estate agencies, homeowners' associations and hospitality businesses, each with their own obligations: the healthcare sector processes health data that are specially protected under Article 9 of the GDPR; premises with security cameras are subject to Article 22 of the LOPDGDD; and tourist accommodation manages records linked to the SES.Hospedajes system of the Spanish Ministry of the Interior. Non-compliance can lead to enforcement proceedings under the sanctioning regime established in Article 83 of the GDPR.
From our office in Las Palmas de Gran Canaria, with remote assistance and occasional on-site visits to Tenerife, Summum Consultoría guides companies and organisations on the island through GDPR compliance: initial diagnostic, record of processing activities (art. 30 GDPR), data processing agreements, information clauses and an external DPO service. The majority of the work is carried out remotely without the need for physical presence at every stage of the project.
The Cabildo Insular de Tenerife (Island Council) and the municipalities of the island — Santa Cruz, San Cristóbal de La Laguna, Arona, Adeje — are subject to the GDPR and, in most cases, must appoint a Data Protection Officer in accordance with Article 37.1.a) of the Regulation. Companies that contract with the Tenerife administration must demonstrate their regulatory compliance as part of the standard tendering requirements.