GDPR - Actions for compliance
For a company (Data Controller or Data Processor) to comply with the Regulation, at least the following actions and measures must be implemented:
- Conduct Data Protection Impact Assessments (PIA)
- Maintain appropriate data security
- Institute safeguards for cross-border data transfers
- Implement “Privacy by Default” and “Privacy by Design”
- Take responsibility for the security of third parties (Data Processors)
- Get appropriate consent for most personal data collection and provide notification of personal data processing activities
- Get a parent’s consent to collect data for children under 16 years old
- Appoint a Data Protection Officer (if you regularly process lots of data, or particularly sensitive data)
- Notify data protection authorities of data breaches
- Keep records of all processing of personal information
- Consult with regulators before certain processing activities
- Be able to demonstrate compliance on demand