GDPR Testing
"Private and public organizations are obliged to comply with GDPR of 27 April 2016, which focuses on protection of natural persons with regard to the processing of personal data and on the free movement of such data. GDPR compliance is a multidimensional issue with different issues that need to be considered. For this reason, it is very important to have in place categorized core tasks that need to be addressed/answered and noticed during the compliance process. To have control of GDPR compliance, there is a need to address the following issues:

- Legal grounds for processing data. Do we deal with special categories of personal data, or with children?
- Respect of the basic principles of GDPR (art. 5).
- Define the role of a company. Data controller/processor? Which are the main obligations according to GDPR under this role?
- Are there adequate mechanisms in place for the data subjects to exercise their rights?
- Is there any data transfer outside the EU?
- Are there technical measures taken (pseudonymization, encryption, etc.) for the protection of data subjects?
- Data Protection “by design” and “by default” if needed."