Organisation must maintain a listing of used data systems and their owners. Owner is responsible for completing the related documentation and possible other security actions directly related to the data system.
Data system documentation must include at least:
Organisation must maintain a listing of controlled data stores and their owners. Owner is responsible for completing the documentation and other possible security actions directly related to the data store.
Data store documentation must include at least:
The task of the Data Protection Officer (or other responsible person) is to monitor that the Data Protection Regulation and other data protection requirements are complied with in the organisation's operations.
In making her assessment, the responsible person shall take into account the risk associated with the processing operations and of the nature, extent, context and purposes of the processing of personal data.