Step 6: Document compliance
To prove your compliance with the regulations, you need to compile and consolidate the necessary documentation. The actions and documents carried out at each stage must be regularly reviewed and updated to ensure ongoing data protection.
Your application must include the following information:
Category | Documentation |
DOCUMENTATION ON YOUR PERSONAL DATA PROCESSING | Record of processing activities (for data controllers) or categories of processing activities (for data processors) |
DOCUMENTATION ON YOUR PERSONAL DATA PROCESSING | Data Protection Impact Assessments (DPIAs) for processing operations likely to generate high risks for the rights and freedoms of individuals. |
DOCUMENTATION ON YOUR PERSONAL DATA PROCESSING | The framework for data transfers outside the European Union (in particular, standard contractual clauses, BCRs and certifications) |
INFORMING PEOPLE | Information notices |
INFORMING PEOPLE | Models for obtaining the consent of the persons concerned |
INFORMING PEOPLE | Procedures for exercising rights |
CONTRACTS THAT DEFINE THE ROLES AND RESPONSIBILITIES OF PLAYERS | Contracts with subcontractors |
CONTRACTS THAT DEFINE THE ROLES AND RESPONSIBILITIES OF PLAYERS | Internal procedures in the event of a data breach |
THE RIGHTS OF INDIVIDUALS AND THE EXERCISE OF THEIR RIGHTS | Proof that data subjects have given their consent when their data is processed on this basis. |
If your documentation shows that you meet the obligations laid down by the European regulation, then you've passed this stage. Congratulations!
Last updated