GDPR requires that:
- your organisation implements technical and organisational measures for compliance with the rules
- these measures are systematic and documented through guidelines in an internal control system
As an internal control system has long been a requirement under Norwegian law, we know that such a system is one of the top check points on audits conducted by the Norwegian Data Protection Authority.
Based on your gap analysis, privacy strategy and basis of processing, we will help you to:
- identify what kind of processing is taking place
- evaluate the risk of the processing
- set up a template for internal guidelines
- design the guidelines specifically for your organisation
Please contact us.