This document outlines 16 steps to take to ensure compliance with GDPR data protection standards. It includes analyzing obligations around designating a data protection officer, ensuring rights of data subjects, meeting notification requirements, assessing policies and procedures, authorizing and training staff, identifying high risk cases, and issuing recommendations to achieve full compliance.
- Meet separately with each interlocutor scheduled for conversations on general obligations.
- Analyze the duty to designate a DPO and, if one is already designated, whether their contact details have been published and communicated to the supervisory authority.
- Analyze the DPO's position within the organization and how the DPO's tasks are performed.
- Analyze whether an effective incident management and reporting mechanism is in place.
- Analyze whether, and how, the principles of privacy by design and by default are met.
- Analyze the actual capacity to fulfill data subject rights, and assess whether the current mechanism is effective for each and every right.
- Assess whether the notification obligation is met when data are rectified, erased, or their processing is restricted.
- Assess whether existing policies and procedures cover all GDPR aspects, have been published, and are binding on staff.
- Assess whether staff are properly authorized, trained, and follow internal requirements.
- Prepare an executive summary and identify high-risk cases.
- After identifying high-risk cases, return to the controller's questionnaires and check for non-compliance with the Article 36 requirement: the supervisory authority should have been consulted before starting processing that presents a high risk.
- Ask for evidence and any missing information, and assess compliance. Pay particular attention to whether any existing data protection-related documentation might be useful for your project.
- Issue recommendations whose fulfillment brings full compliance.