GDPR requires that:
- your organisation implements technical and organisational measures for compliance with the rules
- these measures are systematic and documented through guidelines in an internal control system
As an internal control system has long been a requirement under Norwegian law, we know that such a system is one of the top check points on audits conducted by the Norwegian Data Protection Authority.
- identify what kind of processing is taking place
- evaluate the risk of the processing
- set up a template for internal guidelines
- design the guidelines specifically for your organisation
Please contact us.