- Designate one or more internal controllers to ensure compliance with the legislation.
- Identify the personal data processed to assess risk and determine the level of compliance requirements to apply.
- Ensure data security according to the data protection principles of “privacy by design” and “privacy by default”.
- Comply with the duty to provide information (privacy policy, contracts, etc.).
- Establish an inventory of processing operations.
- Check and adapt contracts with subcontractors.
- Check and adapt cross-border data flows.
- Set up a procedure in case of a security breach (notification of the Federal Data Protection and Information Commissioner and the data subjects).
- Establish a procedure in case of access requests.
- Establish retention policies to set and verify the useful retention period.
- Destroy data that is no longer needed.
- Roll out continuous training of your employees.