What must companies do to operate in line with the GDPR?

To operate an organization (Data Controller or Data Processor) in line with the Regulation, a number of actions and measures should be implemented at a minimum. These are:
  • Conduct Data Protection Impact Assessments (PIA)
  • Maintain appropriate data security
  • Institute safeguards for cross-border data transfers
  • Implement “Privacy by Default” and “Privacy by Design”
  • Take responsibility for the security of third parties (Data Processors)
  • Get appropriate consent for most personal data collection and provide notification of personal data processing activities
  • Get a parent’s consent to collect data for children under 16 years old
  • Appoint a Data Protection Officer (if you regularly process lots of data, or particularly sensitive data)
  • Notify data protection authorities of data breaches
  • Keep records of all processing of personal information
  • Consult with regulators before certain processing activities
  • Be able to demonstrate compliance on demand
