Reaching full compliance can be tough, but there are 4 areas where it’s extra important to be prepared.
We are writing about these in a series of blog posts. This final blog post is about how to respond to requests from data protection authorities.
Data protection authorities will affect your organization in the EU
Data Protection Authorities, DPAs, are independent public authorities that supervise the application of data protection law. They provide expert advice on data protection issues and handle complaints lodged against violations of the GDPR and the relevant national laws. There is one in each EU Member State.
Generally speaking, the main contact point for questions on data protection is the DPA in the EU Member State where your company/organization is based. The DPAs also have investigative and corrective powers.
Actions are perfect, improvement is better
If you’re not yet fully compliant with GDPR, it’s important to show that you have at least identified the gaps and have next steps for fixing them. Having a plan may not be as good as being 100% compliant, but it’s far better than being unaware of the problems.
A good start is to work with processes and routines that enable and promote compliant and responsible data processing. Document processing activities at the right level of detail, including purposes for processing, legal basis for processing, parties involved in the processing, and security measures in place. This enables you to identify risks and see where further legal analysis is needed.
The goal is to be able to easily account for all data processing activities. This includes purposes of processing, legal basis for processing, retention times, data processors involved, and technical and organizational measures implemented.
How to respond to requests from data protection authorities
Make sure you can manage requests from a supervisory authority without spending too much time or resources. You should be able to respond promptly and in detail. Consider using software that makes it fast to produce the relevant information and lets you manage all key compliance matters in one place.
Read our other blog posts in the series:
- Privacy Readiness: Four important events to be prepared for
- Privacy Readiness: How to manage the relationship between a data controller and a data processor
- Data Subjects Rights Management: Your customers matter, and so does their data