VUD: Raw mate­ri­al for the E‑DSG

The Asso­cia­ti­on Enter­pri­se Data Pro­tec­tion (VUD) has published “raw mate­ri­al” on the draft of the revi­sed DPA with some FAQ and a check­list for com­pa­nies (PDF). The check­list inclu­des the fol­lo­wing items:

1. Review and adapt data pro­tec­tion decla­ra­ti­ons to the new requi­re­ments; check whether
   all cases are cover­ed whe­re the com­pa­ny pro­cu­res per­so­nal data
2. Crea­te direc­to­ry of data processing
3. Iden­ti­fy con­tract pro­ce­s­sing and review and adjust con­tracts to meet specifications
4. Iden­ti­fy for­eign trans­fers and review and adjust for specifications
5. Intro­du­ce pro­cess for data pro­tec­tion impact assess­ment, pos­si­bly appoint data pro­tec­tion advisor
6. Estab­lish pro­cess for report­ing and hand­ling data secu­ri­ty breaches
7. Estab­lish or adapt gui­de­lines for respon­ding to requests from data subjects.
8. Iden­ti­fy auto­ma­ted indi­vi­du­al decis­i­ons and, if neces­sa­ry, re-regu­la­te them if they are relevant.
9. Iden­ti­fy, review for new requi­re­ments, and adjust pro­ce­s­sing of gene­tic and bio­me­tric data and for non-per­so­nal and cre­dit purposes
10. Adapt trai­ning and direc­ti­ves, pro­vi­de for audits