Governance of Personal Data
The General Data Protection Regulation (GDPR) requires data controllers to oversee the processing of personal data by implementing effective governance mechanisms. This certification scheme provides a precise specification of requirements, including:
- Assigning roles and responsibilities for data protection
- Maintaining records of processing activities
- Being transparent with data subjects
- Fulfilling obligations relating to data transfers
- Effectively controlling the sharing of personal data
- Assessing potential harm
- Countering risk
- Completing data protection impact assessments
- Proving compliance
- Proving consent
- Establishing a process to identify and authenticate data subjects exercising their rights
- Enabling data subjects to make requests
- Adequately monitoring processing activities
- Ensuring staff are competent
- Staff awareness and training
- Processing in compliance with the principles (training, policies)
- Providing supervisory authorities with information on request
- Establishing a capability to document any violation
- Reporting data breaches