Monitoring compliance with GDPR

Context:

In several instances the GDPR stipulates that controllers and processors need to be able to demonstrate compliance with the regulation:

  • Demonstrate compliance with Processing principles – Article 5(2)
  • Able to demonstrate that processing is performed in accordance with this Regulation – Article 24(1)
  • Processor to provide evidence of compliance – Article 28(3)(h)
  • Data Protection Impact Assessment to contain the monitoring measures – Article 35(7)(d)
  • Data Protection Officer tasks include monitoring – Article 39(1)(b,c)

Considerations:

The supervisory authority could investigate your processing activities at any time. It is therefore important that you establish and keep ongoing records.

When exercising their rights, individuals can also request information, and if you have records to hand you can respond within the timeframes laid out in the regulation.

Having a system such as Gydeline in place, which shows your level of compliance, is a good way to prove that you are taking the GDPR seriously, have a plan, and are monitoring your ongoing activities under the regulation.

How to:

Keep records of your processing of personal information and of the systems and policies you have around it, including:

  • Data Protection Impact Assessments
  • Consent records
  • Data Protection Policies
  • Data Protection Officer role and responsibility
  • Privacy notice/policy
  • Security policies
  • Training records
  • Processing activity records

Common Scenarios:

A complaint has been made to the supervisory authority

Provide supporting information that shows you are compliant with the regulation

References:

      • GDPR Recitals: 97,
      • GDPR Articles: 5, 24, 28, 35, 39

How Gydeline helps

We, at Gydeline, help small and medium-sized organisations save money and time by building systems, processes and policies that simplify their business and support their sustainability aims. We do this with a range of services.

If you would like to discuss any aspect of dealing with this and other risks in your business, we are always happy to offer some free, no-obligation assistance – just contact us.
