Data Protection

The CSIC is a public agency that is generally responsible for processing personal data, and as such follows the principle of proactive responsibility, to meet the obligations established by the General Data Protection Regulation and Law 3/2018 , 5 December, on the Protection of Personal Data and guarantee of digital rights.


These obligations include the duty to appoint a Data Protection Officer and communicate this to the AEPD. The CSIC Data Protection Officer is José López Calvo.

In the event that you wish to exercise a right of access, rectification, deletion, opposition or limitation, as well as to perform any operation related to the management of your personal data, you can contact the data protection delegate through one of the following contact forms:

Protección de datos

The regulation also requires that the inventory of processing activities be made public electronically. Through the following links you can access those corresponding to the central organization of the CSIC and those corresponding to the CSIC Centres and Institutes

The CSIC has fulfilled the other requirements existing in the area of data protection. These include the creation of internal mechanisms for the communication of any security breach, and the corresponding risk analysis, with the adoption of the appropriate security measures depending on the detected breach, as well as studies into the “evaluation of impact on privacy” in the cases where there are risks, mainly those detected linked to data processing within the framework of certain research projects.

The privacy policy of the CSIC is accessible through this link: