Data protection in companies and organisations

Responsibility for data processing results in a number of obligations for the company or organisation. As the controller, you must be able to prove that the requirements of the General Data Protection Regulation have been properly implemented. This means that in addition to the introduction of processes and workflows that ensure data protection, it is also necessary to document the measures implemented. 

This includes, among other things:

• Ensuring the lawfulness of data processing
  
• Maintaining a processing directory
• Documentation of technical and organisational measures
• Checking and documenting external service providers and contract data processors
• Carrying out risk analyses and data protection impact assessments as required
• Definition and compliance with deletion deadlines
• Definition of internal processes (e.g. in the event of a data protection incident)

Source: Mohamed Hassan on Pixabay