- Categories
- Strategy→
- Execution→
- Artificial Intelligence→
- Training and talks→
- Customer experience→
- External leadership→
Strategy and diagnosis

Strategy consulting Brand audit Marketing plan Positioning Audience mapping Brand archetypes
See all strategy services →

Execution and channels

Branded content Applied neuromarketing Attribution models SEO and SEM Marketing automation Corporate identity Packaging Out-of-home advertising
See all execution services →

Artificial intelligence applied to marketing

AI applied to marketing Predictive analytics with AI Generative AI for content Chatbots and conversational support Personalisation at scale AI training for teams AI audit and governance
See AI services →

Training, talks and keynotes

Talks and keynotes In-company training Business schools · master's · MBA Open masterclasses Applied neuromarketing Branded content AI for marketing teams Strategy and leadership
See all training programmes →

Customer experience

Experience design (CX) Customer journey mapping Gamification Point-of-sale marketing
See customer experience →

External marketing leadership

External marketing department Interim CMO Executive coaching Communications and PR
See external leadership →

Featured

Flagship service

Full strategy consulting engagement.

12 weeks, 4 phases, an operating plan that works as an executable playbook. From €8,500 + VAT.
See the service →
- By category
- Industry→
- Geography→
- Scope→
- Company size→
Industries I work with

Wineries and wine Agri-food Banking and financial services Tourism and hospitality Manufacturing Public sector Technology and SaaS Retail and consumer goods
See all industries →

Where I work

Valladolid Burgos Aranda de Duero Las Palmas de Gran Canaria Castile and León Canary Islands Rest of Spain
Coverage map →

Commercial scope

B2B Consumer brands (B2C) Executive personal branding Place branding
See scopes →

By company size

SMEs (10-50 employees) Mid-sized companies (50-250) Large companies (250+) Family business Founders and startups
See by size →

Featured

New approach

The Canary Islands, a market with its own identity.

How to do marketing and branded content in Las Palmas without falling into tourist clichés.
See local approach →
- By topic
- Branded content→
- Neuromarketing→
- Strategy→
- Analytics→
- Resources→
Branded content and storytelling

Cuánto · Banco Santander Aprendemos Juntos · BBVA What is branded content Success stories
All branded content insights →

Neuroscience applied to marketing

Concept and applications Eye-tracking in advertising EEG and emotional response Consumer cognitive biases
All neuromarketing insights →

Strategy and classics

Marketing myopia · Levitt Utility marketing Inbound vs outbound Trout and Ries on positioning
All strategy insights →

Analytics and measurement

Attribution models Programmatic advertising GA4 and real indicators ROAS, MER and metrics that matter
All analytics insights →

Downloadable resources

Strategy templates Monthly newsletter Essential reading list Marketing glossary
See all resources →

Essential reading

Classic

Marketing myopia, 65 years on.

Why companies with strong products still lose market share, and how to avoid strategic myopia today.
Read article →
About

Compliance · Cybersecurity

Cybersecurity with legal and technical judgement.

Actualizado: 21 de mayo de 2026

Independent consulting in marketing, regulatory compliance (ISO, ENS, GDPR), digitization and B2B sales from Aranda de Duero (Castilla y Leon) covering all of Spain.

Independent consulting in marketing, regulatory compliance (ISO, ENS, GDPR), digitization and B2B sales from Aranda de Duero (Castilla y Leon) covering all of Spain.

GDPR (RGPD in Spain), NIS2, DORA, MAGERIT risk analysis (Spanish public-sector methodology), security master plan, incident management and data protection officer (DPO). For private organisations, public bodies and essential service providers.

Regulatory compliance without useless paperwork.

Spanish and European cybersecurity regulation has grown enormously: GDPR (2018), LOPDGDD (2018, the Spanish data protection act), National Security Framework (2010 + 2022 update), NIS2 (transposition 2024-25), DORA (2025). Each one has its own scope and specific obligations.

My job: help you understand what actually applies to you, in what order to tackle compliance, which controls are critical and which are cosmetic, and how to demonstrate it when audit time comes.

Published articles on cybersecurity.

GDPR for organisations · Compliance and sanctions

GDPR for SMEs · Compliance in 10 steps

Data protection officer · When mandatory and duties

Data protection impact assessment (DPIA)

Spanish cybersecurity regulation · GDPR, ENS, NIS2, DORA

Security master plan · Cybersecurity strategy

SME cybersecurity plan · 20 essential measures

Cybersecurity audit · Full assessment

Cybersecurity consultancy · Services and costs

Ransomware · Prevention, detection and recovery

Email security · SPF, DKIM, DMARC anti-phishing

Cloud security · Protecting organisational data

Does your organisation need help with compliance?

Book a free session →

Frequently asked questions

How does this apply to my SME?

It applies as long as you serve Spanish customers or process Spanish data; the framework is mandatory above thresholds we summarise in the table.

What does it cost in 2026?

Indicative ranges for SMEs 10-50 employees: 2,500-12,000 EUR for documentation + auditor fees vary by AENOR / BV / SGS / LRQA.

Which Spanish regulation applies?

BOE references RD 311/2022 (ENS), Regulation EU 2016/679 (GDPR), LOPDGDD, NIS2, DORA and the EU AI Act 2024/1689 depending on scope.

How long does the implementation take?

Average runs 4-7 months for a single ISO. Compound integrated SGI (9001+14001+27001) usually 8-12 months.

Can I co-finance it with Kit Digital or Kit Consulting?

Yes, Kit Consulting 2026 covers up to 24,000 EUR in advisory hours; Kit Digital covers tools (CRM, ERP, ciberseguridad) up to 29,000 EUR.

References: AENOR · BOE · ISO