GDPR Implementation guidelines - Proof of compliance

25/04/2018
Insights

The entire General Data Protection Regulation (GDPR) revolves around the protection of personal data, how personal data can be used and so forth. Within the implementation guidelines of the GDPR, there are different types of operations to consider. Here, we will discuss proof of compliance.
As a DPO or Security Officer, you need to be able to perform two main tasks:

  • Prove your GDPR compliance
  • Respond to potential requests from Data Subjects.

Without smart and secure (software) tools, achieving this requires a huge effort. Tools such as those described in our posts 'Personal Information Identification' and 'Continuous Operations - Identification' are a real aid in reducing both cost and risk.

Prove your GDPR compliance

To demonstrate your GDPR compliance, you need to have the following ready:

  • Towards employees:
    • Proof of informing your co-workers on GDPR in general
    • Extension to the labour contract or employee work rules
  • Towards suppliers:
    • Data Processing Agreement
    • Annex to freelance contracts
    • Annex to management contracts
  • Towards Data Privacy Authority (when requested):
    • Documented privacy-related decisions
    • Documented Processing Register
    • Documented security measures in IT systems (security by design/default)
    • Up-to-date Usage Register
    • Up-to-date Data Breach Register
  • Towards Data Subjects:
    • Proof of informing them on Personal Data, purpose and legal basis
    • In-time responses to requests

Responses to potential requests from Data Subjects

Articles 15 to 22 of the GDPR list the Data Subject Rights as:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction of processing
  • Notification obligation regarding the previous three rights
  • Right to data portability
  • Right to object to profiling or automated decision-making

It is recommended that each of these requested rights, the corresponding actions, and the related communication is registered in a system.

Want to learn more?

You can find information on the implementation guidelines of the GDPR, like processing principles, security measures, preparations, operations and much more by clicking on the button below.
You can also download our full implementation guide 'A free quick-start guideline for your GDPR implementation' as a PDF document.


GDPR implementation guidelines