Skip to content
Our team

Bárbara Botía Sainz de Baranda

Senior Lawyer — Legal Division

Areas of expertise

Data protection & privacy Corporate compliance Commercial and civil law Real estate law Legal due diligence

Specializations

  • External Data Protection Officer (DPO)
  • Legal cybersecurity
  • Due diligence on corporate transactions
  • Tourist rental & real estate regulation
  • Criminal compliance (Art. 31 bis CP)

Education

  • Law Degree, University of Murcia
  • BBA in Business Administration, University of Murcia
  • Registered no. 11,233, Málaga Bar Association (ICAM)

Languages

Spanish English

Biography

Barbara Botia Sainz de Baranda is one of those professionals who defy easy categorisation: an economist by training and a lawyer by practice, or perhaps the other way around. Her dual degrees in Business Administration and Law from the University of Murcia are not academic decoration — they are the tools that allow her to move with equal confidence between a trial balance and a set of contractual terms. Over more than fourteen years of practice, she has built the kind of profile that companies increasingly demand: someone who can understand risk in legal terms and quantify it in financial ones.

Before joining BMC in 2020, Barbara developed her career in business advisory, where she honed a specialisation that has become critical for any serious organisation: personal data protection, corporate compliance, and cybersecurity from a legal perspective. It is not about knowing the GDPR by heart — any lawyer with access to the Official Journal can manage that — but about knowing how to implement a compliance programme that works in practice, integrates into the company’s operational processes, and withstands a regulatory inspection without incident.

At BMC she serves as data protection and compliance lead, acting as external DPO for clients across multiple sectors. Her day-to-day work includes preparing Data Protection Impact Assessments (DPIAs), managing security breaches, reviewing data processor agreements, adapting internal policies to the European and Spanish regulatory framework, and training senior management in compliance culture. She also leads legal due diligence on corporate transactions, where her hybrid profile proves especially valuable: while a pure lawyer reviews clauses, Barbara reviews clauses and understands what they mean for the income statement.

Her commercial and civil law practice complements the compliance work. She has advised on company formation and restructuring, shareholder agreements, share purchase agreements, and civil claims arising from commercial relationships. Registered with number 11,233 at the Malaga Bar Association, she combines the technical rigour of legal practice with an uncommon ability to translate complex legal concepts into the language that managers and boards of directors need to hear.

Back to team

Services led

Practice areas where Bárbara serves as lead advisor or active contributor

Corporate Secretarial

End-to-end management of corporate obligations: general meetings, minutes, share register, accounts filing, and Commercial Registry matters.

View service Entity Management

Full-service corporate entity administration that frees your leadership team from the operational burden of compliance.

View service EU AI Act Compliance

Full compliance with the EU Artificial Intelligence Act: risk classification, conformity assessments, transparency obligations, and prohibited practice audits.

View service AI Governance

AI governance frameworks, ethics committees, algorithmic auditing, bias detection, and AI system registries for responsible organisations.

View service Anti-Money Laundering (AML)

AML/CFT compliance programme for entities subject to Spain's Law 10/2010: policies, procedures, training, and SEPBLAC liaison.

View service Commercial Law

Expert commercial law advisory to safeguard your business operations and protect your corporate interests.

View service Commercial Lawyer in Málaga

Commercial lawyers in Málaga: Costa del Sol business, Málaga tech hub, international companies, PTA (Parque Tecnológico de Andalucía) and non-resident companies.

View service Compliance Risk Mapping

Comprehensive compliance risk mapping: regulatory obligation register, risk heat maps, multi-regulatory gap analysis (GDPR, NIS2, AI Act, AML), and regulatory change management.

View service Corporate Governance & Compliance

Design and implementation of corporate governance frameworks tailored to each stage of company growth. Articles of association, board regulations, family business protocol, director remuneration policy, and good governance compliance programmes for companies from 10 employees to listed entities.

View service Criminal Compliance for Companies in Madrid

Criminal compliance for businesses in Madrid: Article 31 bis CP programme, whistleblowing channel Law 2/2023, compliance officer and Anticorruption Prosecutor defence.

View service Criminal Compliance

Corporate criminal compliance programmes to exempt or mitigate the criminal liability of legal entities under Article 31 bis of the Spanish Criminal Code.

View service Data Protection & Privacy

GDPR and LOPDGDD compliance, outsourced DPO, and comprehensive privacy management for businesses.

View service Digital Evidence & E-Discovery

Digital evidence preservation with chain of custody, forensic IT coordination, e-discovery in arbitration and litigation, and acquisition of admissible electronic evidence for Spanish and international proceedings.

View service Director and Officer Liability

Personal liability audit for directors and officers, compliance programme for the governing body, D&O insurance advisory, and defence in liability claims. Prevention and comprehensive protection against civil, insolvency, and criminal liability of company directors.

View service DORA Compliance (Digital Operational Resilience)

Full implementation of the DORA framework (Regulation 2022/2554) for financial entities: ICT risk management, incident reporting, resilience testing, and ICT third-party risk.

View service Employment Lawyer for Companies in Madrid

Employment lawyers for businesses in Madrid: ERE/ERTE, unfair dismissal, Labour Inspectorate, SMAC and Social Courts. Business employment defence and prevention.

View service High-Risk AI Systems

AI Act compliance for high-risk AI systems: conformity assessments, technical documentation, CE marking, post-market monitoring, and EU database registration.

View service ISO 27001 Certification

Information Security Management System implementation and ISO 27001:2022 certification: from gap analysis and Statement of Applicability through the certification audit.

View service Employment Compliance

Comprehensive employment compliance programme: working-time registration, equality plans, pay transparency, harassment protocols, remote work agreements, and labour inspection defence.

View service Business Lawyers in Madrid

Full-service business law firm in Madrid: commercial law, employment, corporate compliance, data protection and litigation. Madrid office. Free initial consultation.

View service Litigation & Arbitration

Representation and strategy in civil and commercial litigation and national and international arbitration for businesses.

View service NIS2 Compliance

EU Network and Information Security Directive 2 compliance: scope assessment, control implementation, incident notification protocols, and board-level security governance.

View service Real Estate Lawyer in Madrid

Real estate lawyers in Madrid: legal due diligence, SOCIMIs, golden mile, commercial leases and international investors. Expert property advisory in Madrid.

View service Unfair Competition & Competition Law

Defence and enforcement of unfair competition claims (Ley 3/1991, LCD) and competition law advisory: CNMC investigations, abuse of dominant position, cartel agreements, compliance programmes and private enforcement of competition damages.

View service Whistleblowing Channel (EU Directive)

Implementation of internal whistleblowing channels under Spanish Law 2/2023 transposing EU Directive 2019/1937. Full Internal Information System design, investigation protocols, and confidentiality guarantees.

View service

Published analysis

Articles and reports published by Bárbara

Criminal compliance vs regulatory compliance: the key differences

14 April 2026 · criminal-compliance, regulatory-compliance

Read analysis

How to implement a whistleblowing channel compliant with Law 2/2023

14 April 2026 · whistleblowing-channel, compliance

Read analysis

Criminal Compliance for Companies: Guide to Article 31 bis of the Spanish Criminal Code

7 April 2026 · criminal-compliance, corporate-criminal-liability

Read analysis

Dismissal Ban and Mobility Plans: Employment Obligations Under RDL 7/2026

25 March 2026 · labor-law, dismissals

Read analysis

RDL 7/2026 Tax Measures: Practical Guide for Businesses and Self-Employed

25 March 2026 · taxation, VAT

Read analysis

Renting in Spain 2026: The 2% Cap and Mandatory Extensions — Everything You Need to Know

25 March 2026 · rental, housing

Read analysis

Middle East Crisis: Spain's Comprehensive Response Plan (RDL 7/2026)

21 March 2026 · middle-east-crisis, emergency-measures

Read analysis

Rent Frozen Through 2028: Mandatory Extensions and 2% Cap (RDL 8/2026)

21 March 2026 · rental, housing

Read analysis

Request a personalized consultation

Our experts are ready to analyze your situation and provide tailored solutions.

Free consultation
Call Contact