Implementing a GDPR Compliance Program
By Wendell La Fortune
As it stands, the legislation does not provide a clear, definitive, quantitative statement of what compliance is, nor of when it has been achieved.
The iterative steps enumerated below take into account the requirements the legislation specifies for the obligations placed on controllers and processors.
Begin with an assessment of your organisation's current level of compliance with the GDPR (to determine the current state), as this will help to identify the areas you need to address in order to both achieve and demonstrate compliance.
The process should include, but not be limited to, analysis of your organisation's processes and procedures relating to data management, governance, risk management and the implementation of appropriate technical and organisational controls.
You must develop and implement policies that consider and cover the following:
GDPR 6 Core Processing Principles
6 Lawful Processing Basis Review
Data Subject Rights
International Transfers
Controller and Processor Obligations (e.g. Secure Processing Requirement (Art 32))
Data Protection by Design and Default (Art 25)
DPIAs (Art 35)
Incident Management / Breach Reporting and Notification Obligations
DPO Requirements (Arts 37, 38, 39)
Processor Assurance (DPAs)
Record Keeping