GDPR will remain a hot topic for a long time. Data protection will be more and more critical going forward into the digital age and with the new upcoming legislations that are getting stricter.
Since every company falling subject to GDPR should be compliant with this legislation and the aim of your company at this stage is more likely to improve your processes, make those more mature and try to ensure that nothing slips through management controls and are reported in a timely manner.
We give some hints for areas of attention based on our experience where companies get it wrong and also where the Data Protection Authorities focus their attention:
- Privacy notice
- Cookie notice
- Proper segregation of duties
- Incorporating data protection by design into daily operations across the organisation
- Duly executing data subject right requests in a timely manner