Implementing a GDPR Compliance Program

Implementing a GDPR Compliance Program

By Wendell La Fortune

As it stands, the legislation does not provide a clear definitive, quantitative statement on what compliance is, nor when it has been achieved.

The iterative steps enumerated below takes into account and considers the requirements specified in the legislation for the obligations placed on controllers and processors.

An assessment of your organisation’s current level of compliance with the GDPR(to determine current state), as this will help to identify the areas you need to address to both achieve and demonstrate compliance.

The process should include but not be limited to:

Analysis of your organisation’s processes and procedures relating to data management, governance, risk management and implementation of appropriate technical and  organisational controls.

You must develop and implement policies that  considers and covers the following:

GDPR  6 Core Processing Principles 

6 Lawful Processing Basis Review

Data Subject Rights

International Transfers

Controller and Processor Obligations (ex, Secure Processing Requirement (Art 32) 

Data Protection by Design and Default(Art 25)

DPIAs (Art 35)

Incident Management/ Breach Reporting Notification Obligations

DPO requirements(Arts 37,38,39) 

Processor Assurance(DPAs)

Record Keeping 

Subscribe To Our Newsletter

Enter your email to receive a weekly round-up of our best posts.