Yes.

Data privacy:

• Regulation (EU) 2016/679 of the European Parliament and of the Council, dated 27 April, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC
• Spanish Organic Act 3/2018, dated 5 December, on Personal Data Protection and Digital Rights Safeguard

Data security:

• Royal Decree-Law 12/2018, dated 7 September, on the security of networks and information systems
• Act 8/2011, dated 28 April, establishing measures for the protection of critical infrastructures (The Act foresees several obligations on operators of critical infrastructures. Owner/operators of critical infrastructure have specific obligations to implement security measures to guarantee the comprehensive security of their critical infrastructure.)
• Royal Decree 43/2021, dated 26 January, developing Royal Decree-Law 12/2018, dated 7 September, on network and information systems security
• Directive (EU) 2022/2555 of the European Parliament and of the Council, dated 14 December, on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No. 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148