Ask yourself the following questions
We take responsibility for complying with the UK GDPR, at the highest management level and throughout our organisation.
We keep evidence of the steps we take to comply with the UK GDPR.
We put in place appropriate technical and organisational measures, such as:
adopting and implementing data protection policies (where proportionate);
We take a ‘data protection by design and default’ approach. Therefore, we put appropriate data protection measures in place throughout the entire lifecycle of our processing operations;
We have written contracts in place with organisations that process personal data on our behalf;
We maintain documentation of our processing activities;
implementing appropriate security measures;
We record and, where necessary, report personal data breaches;
We carry out data protection impact assessments for uses of personal data that are likely to result in high risk to individuals’ rights and freedoms;
We have appointed a data protection officer (where necessary);
We adhere to relevant codes of conduct and sign up to certification schemes (where possible).
We review and update our accountability measures at appropriate intervals.