GDPR Implementation

Roadmap to compliance

Assess your compliance readiness. Define your project scope. Explore and understand your data. Perform a detailed gap analysis. Assess the risk. Prioritize objectives and tasks. Build a remediation plan. Execute the remediation plan. Monitor.

Accountability

The controller is responsible for, and shall demonstrate compliance with, the 6 principles related to personal data. Accountability implies fulfilling enhanced governance duties (new). Implementing privacy by design and privacy by default. Detailed records of processing activities. Notification of data breaches. Data protection impact assessment (DPIA). Mandatory data protection officer (DPO). Codes of conduct. Certification.

Data Protection Officer DPO

Mandatory DPO (new). The controller and the processor must appoint a DPO where: Processing is performed by a public entity. Core activity requiring regular and systematic monitoring of data subjects on a large scale. Core activity consists in processing of special categories/sensitive personal data on a large scale. DPO might be internal or external. DPO skills. Knowledge

Data Protection Impact Assessment DPIA

Mandatory if processing is likely to result in a high risk, with regard to its nature, scope, context and purpose (e.g. new technology). Shall be carried out by the controller and prior to the processing. Mandatory, for instance, where automated processing, such as profiling (new). Content requirements of DPIA. Detailed description of the processing (purpose, legitimate

Data Breach Notification

Notification to the supervisory authority by the controller (new). Mandatory only if the breach is likely to result in a risk to the rights and freedoms of the data subject. Without undue delay / within 72 hours after being aware (new). Notification shall include detailed information including incident consequences and measures. Processors shall notify the controller without undue delay of a

Ensure Security of Processing

Taking into account the state of the art, the costs of implementation […] the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk (Article 32 GDPR). Technical measures. Pseudonymization and encryption. Confidentiality and integrity. Availability, resilience. Promptly restore and access personal data. Frequently
