Data protection in your own organisation


There are hardly any organisations in the EU that have never dealt with the topic of data protection, as the provisions of the GDPR have been in force for many years. When a project starts, there are usually already data protection measures in place and a person responsible for data protection in each partner organisation (see course "Basics course > My rights, my duties").

The project management and those involved in the project should provide feedback to the organisation's data protection officer if new data protection requirements arise as a result of the project so that these can also be taken into account in the organisation's data protection concept. This applies in particular if the following topics are affected by the project: 

  • Any processing of personal data must be lawful and carried out in accordance with the principles of data protection.
  • Data subjects must be fully informed about the processing of their personal data as soon as it is collected.
  • The controller must take appropriate technical and organisational measures to ensure an adequate level of protection of personal data.
  • When selecting external service providers, care must be taken to ensure that they offer sufficient guarantees for compliance with the GDPR.
  • Each measure must take into account the nature and scope of the processing as well as the likelihood and severity of the risks associated with the processing for the rights and freedoms of natural persons. In case of doubt, the controller must carry out a risk analysis or a data protection impact assessment.
  • The organisation may have to keep a record of processing activities.
  • The rights of data subjects must be taken into account and complied with. This applies in particular to the right of access, rectification and erasure of data, the right to object or, in the case of processing based on consent, the right to withdraw consent.

Disclaimer: This e-learning does not constitute legal advice. In addition, the European member states are free to concretise the provisions of the GDPR within the framework of national legislation. 


Make a list of who in your company is responsible for the individual topics or who you can contact to clarify these issues in case of doubt.