Our organization has determined whether a data protection officer should be appointed and, if so, made an appointment.
The Data Protection Officer shall be appointed if:
In addition to the appointment, it is essential to regularly assess whether the Data Protection Officer is acting in the role and performing the tasks required by the Data Protection Regulation.
The Data Protection Officer (or other responsible person) has drawn up operating instructions for personnel handling personal data. In addition, the Data Protection Officer is ready to advise the controller, personal data processing partners or their own staff on compliance with GDPR or other data protection requirements.
Organisation must maintain a listing of controlled data stores and their owners. Owner is responsible for completing the documentation and other possible security actions directly related to the data store.
Data store documentation must include at least: