Responsibility of the controller – Data protection by design and by default

Do we have processes, in place, to ensure that: Article 24,25

  • We can show that we have moved our processes in line with IT’s evolution
  • We can show we have dynamic processes in place to track the state-of-the-art and modify our processing accordingly
  • We can show that we implement data-protection principles, such as data minimisation, in an effective manner
  • We can show how we integrate the necessary safeguards into the processing in order to meet the requirements of the GDPR
  • We can demonstrate an appropriate set of policies
  • [ok for now but need to revisit – also need to consider duplication with next sub-box?]