Skip to main content
ShareEmailLinkedInXWhatappsFacebook
feedback
Share

Prepare your Certification

In order to prepare a successful certification, here is some advice:

  • Commit to personal data protection and communicate your commitment (i.e., Privacy Pact).
  • Designate a Data Protection Officer and make him/her easily reachable by the public and by your National Supervisory Authority.
  • Inventory and document your processing activities.
  • Check the lawfulness of your data processing activity (if based on consent, make sure that consent is informed, free, clearly expressed, and received before processing the data).
  • Assess the risks for the rights and freedom of data subjects and, if applicable, perform, a Data Protection Impact Assessment (DPIA).
  • Minimise the personal data collection, processing, access and period of retention.
  • Secure the data processing with appropriate technological and organisational measures.
  • Adopt an adequate data protection policy, rules and procedures, including for access control, backups and data retention period, data subject rights, processors, and cross-border transfer of personal data.
  • Communicate your data protection policy and procedures.
  • Record and document the exercise of data subjects' rights.
  • Record and document any data breaches and your reaction.
  • Regularly check your technical and organisational measures and update your risk assessment.
  • Perform, at least once a year, a top management review of the internal audit results and risk assessment. The top management should adopt a specific action plan addressing the identified weaknesses.