If your company operates in Spain, you’re likely already required to train your team in data protection, cybersecurity or regulatory compliance (such as ISO 27001). But what many startups and SMEs don’t realise is this:
These trainings can be 100% subsidised through FUNDAE.
Whether you’re preparing for an audit, onboarding new roles or building a culture of security, FUNDAE allows you to recover training costs without touching your compliance budget.
Here’s how it works, what you can subsidise and how PrivaLex helps you take full advantage of it.
What is FUNDAE?
FUNDAE (Fundación Estatal para la Formación en el Empleo) is a public initiative that gives companies annual training credits for their employees.
It’s available to any company with employees registered in Social Security. The mechanism is simple: if you invest in eligible training, the State reimburses that amount (fully or partially) through deductions in your Social Security contributions.
“If you already contribute to Social Security, you’re entitled to training funds. You just need to activate them.”
What types of training can be subsidised?
FUNDAE covers a wide range of privacy, cybersecurity and compliance topics, such as:
- ISO 27001 awareness and control training
- GDPR fundamentals and data protection
- NIS2, DORA and their impact on employees
- Secure development and engineering best practices
- Phishing prevention and cybersecurity culture
- Role-specific training for HR, IT or customer support
Trainings can be delivered online, live or in person, provided they meet certain requirements (duration, attendance tracking, evaluation, etc.).
How much can you recover?
It depends on your company size and annual Social Security contributions. But even SMEs typically have between €400 and €2,000 per year available, and that amount grows with headcount and risk profile.
Important notes:
- The credit is annual: if you don’t use it, you lose it
- You can allocate it across multiple trainings or teams
- The provider must be accredited and compliant with FUNDAE requirements
Why is it essential for your compliance?
Training is mandatory under standards like ISO 27001, GDPR and NIS2. Yet many companies postpone it due to budget constraints or a lack of internal resources.
With FUNDAE:
- You meet legal and certification requirements
- You’re better prepared for audits
- You strengthen internal culture at no additional cost
How PrivaLex helps
We don’t just deliver training; we make the entire process seamless. With PrivaLex you get:
- Accredited privacy and cybersecurity courses
- Content aligned with your ISMS or GDPR framework
- Full FUNDAE management (documentation, submission, monitoring)
- Flexible formats: live sessions, on-demand or in person
Our goal: for you to train your team without administrative or budget friction.
In summary
If you’re training your team in privacy or digital security and you operate in Spain, you’re already paying for that training through your Social Security contributions.
FUNDAE allows you to recover those costs.
And at PrivaLex, we help you manage the process from start to finish.
Let us handle the paperwork, so you can focus on scaling securely and staying compliant with confidence.