What must companies do to operate in line with the GDPR?

To operate an organization (Data Controller or Data Processor) in line with the Regulation, a number of actions and measures should be implemented at a minimum. These are:
  • Conduct Data Protection Impact Assessments (PIA)
  • Maintain appropriate data security
  • Institute safeguards for cross-border data transfers
  • Implement “Privacy by Default” and “Privacy by Design”
  • Take responsibility for the security of third parties (Data Processors)
  • Get appropriate consent for most personal data collection and provide notification of personal data processing activities
  • Get a parent’s consent to collect data for children under 16 years old
  • Appoint a Data Protection Officer (if you regularly process lots of data, or particularly sensitive data)
  • Notify data protection authorities of data breaches
  • Keep records of all processing of personal information
  • Consult with regulators before certain processing activities
  • Be able to demonstrate compliance on demand
