STEP 3 – IMPLEMENTATION

Implement tools to respect the new rights of data subjects

The GDPR gives particular attention to the rights of data subjects. For example, data subjects have the right to access and rectify their details. Moreover, individuals are being given even more opportunities to speak for themselves when it comes to the processing of their data. Their rights are being strengthened and expanded. Therefore, evaluate your procedures for granting access, etc. and set out the conditions for individuals to exercise their rights under the GDPR within your organisation (see what are the consumer’s right under the GDPR and the Data subject consent withdrawal form).

The information should, in principle, be provided at the time the personal data is collected.

DPIA: Data privacy impact access

Under the GDPR you may be obliged to carry out a data privacy impact assessment (“DPIA”). A DPIA is an instrument that allows you to inventory a data processing operation before such operation is carried out, so that measures can be taken to reduce those risks (see our DPIA long version template).

Keep update your GDPR’s documents

It is important to update the different document and to assign, for each document, a responsible: GDPR roles and responsibilities.