Dark versionDefault version

Kasper Zülow

The Ten Most Important Obligations of the GDPR

The Ten Most Important Obligations of the GDPR

1. Prepare a data inventory to map your data flows so that you can understand exactly what personal data you’re processing and what you’re doingwith it.

2. Work out the lawful grounds for processing each type of personal datafor each purpose for which you’re processing it.

3. Ensure that your data security strategy is robust and that you have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk of a data breach or other security incident.

4. Ensure that an appropriate safeguard is in place whenever you transfer personal data outside of the European Economic Area (EEA).

5. Update your Privacy Notice to ensure that you’re being transparent about the means and purposes of your data-processing.

6. Update your Cookie Policy to ensure that you aren’t relying on implied consent, that browsers of your website are taking affirmative action to consent to non-essential cookies being used, and that the cookies are fired only after consent is obtained. (For more on the concept of implied consent as well as details about cookie policies.

7. Ensure that your staff are appropriately trained in relevant areas of the GDPR.

8. Ensure that you have reviewed the grounds on which you process employee data, and issue a revised employee Privacy Notice where necessary.

9. Determine whether you need to appoint a Data Protection Officer (DPO). If you do, take the necessary steps to hire a suitable candidate.

10. Review all of your processor and subprocessor arrangements and ensure that appropriate contracts are in place. Ensure that the data processor are compliant with the GDPR and that they have adequate security in place to protect the personal data.

Leave A Comment

Your email address will not be published. Required fields are marked *

Kasper Riis Zülow
en_USEnglish