Designate a Data Protection Officer
Identify the personal data collected
Establish the purpose for collection and processing of personal data
Classify and inventory the personal data
Ensure data collection points have required disclosures and consent mechanisms
Approval: Consent Mechanisms
Assess and document lawful basis for processing personal data
Ensure the implementation of strong data security measures
Establish and document processes for individuals to exercise their rights
Create a personal data breach notification process
Approval: Breach Notification Process
Develop a system to handle data portability requests
Implement a process for ongoing privacy risk assessment
Provide training and awareness programs for staff regarding privacy compliance
Approval: Staff Training Program
Provide individuals with clear information about data storage, usage and their rights
Create a privacy policy and make it easily accessible
Ensure third-party compliance with privacy standards
Conduct regular privacy audits and reviews