Get to know the Office of the Data Protection Delegate, who we are, what we do and the documentation we make available to you.

01.Who are we

The TIC Salut Social Foundation, an entity attached to the Department of Health, due to its configuration, purposes and characteristics, has been designated as Data Protection Delegate within the scope of the Department of Health, the Catalan Health Service and the Agency for Health Quality and Assessment of Catalonia (AQUAS), as well as the rest of its public sector entities that request it and with which the corresponding membership document is formalized.


The Data Protection Officer is responsible for ensuring compliance with data protection regulations, as well as ensuring that interested parties are informed of their rights and obligations in accordance with the provisions of the General Data Protection Regulation.

02.What we do


  • Inform and advise the person in charge or the person in charge and the workers about the obligations imposed by the data protection regulations.

  • Monitor compliance with regulations.

  • Advise on the impact assessment related to data protection.

  • Cooperate with the control authority.

  • Act as a point of contact for matters relating to treatment.


01 Training and deployment support

  • Help in the design and implementation of data protection policies.

  • Implementation of data protection measures from the design and default data protection appropriate to the risks and nature of the treatments.

  • Implementation of security measures appropriate to the risks and nature of the treatments.

  • Implementation of training programs and staff awareness in the field of data protection.

  • Support in the deployment of data protection aspects to the entities' teams.

02 Accompanying the compliance

  • Identification of the legal bases of the treatments.

  • Support in complying with the principles relating to treatment, such as purpose limitation, minimization or accuracy of data.

  • Hiring of data processors, including the content of contracts or legal acts that regulate the relationship between the data controller and the data controller.

  • Assessment of the compatibility of purposes other than those that originated the initial collection of the data.

  • Assessment of requests to exercise rights by interested parties.

  • Identification of the international data transfer instruments appropriate to the needs and characteristics of the organization and the reasons justifying the transfer.

  • Risk analysis of the treatments carried out.

  • Data protection audit.

  • Ex officio investigation or at the party's request.

03 Accompaniment to Impact Assessments

  • Determination of the need for data protection impact assessments.

  • Support for carrying out data protection impact assessments.

04 Cooperation with the control authorities

  • Establiment i gestió dels registres d’activitats de tractament.

  • Establishment of data security breach management procedures, including risk assessment for the rights and freedoms of those affected and notification procedures to supervisory authorities and those affected.

  • Prior consultation Art. 36.

  • Other inquiries

05 Interlocution and point of contact

  • Registration and follow-up of requests, inquiries and incidents at the DPD.

  • Establishment of mechanisms for the reception and management of requests for the exercise of rights by interested parties.

  • Liaison with the control authorities

  • Relations with the Health sector.

  • Coordination with the DPD group of the Health sector.

  • Coordination with the group of DPDs of the Generalitat and its public sector.

  • Portal of the DPD Office.

03.Internal documents of interest

DPD designation

  • Instruction 1/2018, of 16 May, on the temporary assignment of functions specific to the data protection delegate in the area of the Administration of the Generalitat and its public sector

  • Resolution of March 30, 2023, assigning the functions of data protection delegate to the TicSalut and Social Foundation, through the director of the Office of the Health Data Protection Delegate

Report on DPD Health activities