Initiatives to ensure compliance with the General Data Protection Regulation (“GDPR”) have been increasing rapidly. The Bavarian Data Protection Authority has now published the English version of a questionnaire (previously only available in Bavarian German) that allows companies to evaluate their degree of adaptation (at least approximately) to the requirements established by the GDPR. The GDPR will enter into force on May 25, 2018.
The questionnaire is also useful for companies established in other Member States, as it refers to key points to be considered by any organization willing to implement and adapt to the GDPR provisions.
This questionnaire is divided into the following sections:
• Structure and responsibility in the company.
• Overview of processing activities.
• Involvement of third parties.
• Transparency, information duties, and assurance of data subject rights.
• Accountability and risk management.
• Data breaches.
The Spanish Data Protection Office is also proactively publishing documentation regarding the GDPR implementation, which we had the opportunity to discuss in other entries on this blog (for example, here or here).