The GDPR, which came into force on 25th May 2018, includes an accountability principle: it is your responsibility to be able to show how you comply with the regulation and its data protection principles.
How to show you're compliant with GDPR
1. Implement governance measures, such as updating your policies, training your staff, and auditing how you process data (data mapping).
2. If necessary, appoint someone from your team as your data protection officer (DPO).
3. Keep good records of your data-processing activities, including comprehensive, transparent privacy notices. These records must include:
- Name and details of your organisation (or other controllers, your representative, and DPO, if you have one)
- Reasons for the processing
- Description of the types of individuals and personal data
- Description of the type of recipients receiving the data
- Details of transfers to third countries, including documentation of the transfer mechanism safeguards in place
- Retention schedules
- Description of the technical and organisational measures in place to protect the data
4. Meet the principles of data protection by design and by default by implementing measures such as:
- Enabling individuals to monitor processing
- Regularly updating security features
- Using data protection impact assessments
- Data minimisation (collecting only the data you need, and securely deleting data you no longer need)