The Association Enterprise Data Protection (VUD) has published “raw material” on the draft of the revised DPA with some FAQ and a checklist for companies (PDF). The checklist includes the following items:
- Review and adapt data protection declarations to the new requirements; check whether
all cases are covered where the company procures personal data- Create directory of data processing
- Identify contract processing and review and adjust contracts to meet specifications
- Identify foreign transfers and review and adjust for specifications
- Introduce process for data protection impact assessment, possibly appoint data protection advisor
- Establish process for reporting and handling data security breaches
- Establish or adapt guidelines for responding to requests from data subjects.
- Identify automated individual decisions and, if necessary, re-regulate them if they are relevant.
- Identify, review for new requirements, and adjust processing of genetic and biometric data and for non-personal and credit purposes
- Adapt training and directives, provide for audits