Lawfulness & Transparency
The usage of personal data must be defined and transparently communicated to the data subject and their consent must be obtained. Organisations need to demonstrate they do this within the law and transparently.
Security & Safeguards
Effective security and safeguards must be put in place and incidents recorded.
Accountability & Governance
All organisations that handle personal information are accountable and good governance needs to be demonstrated at all times.
Verification & Assurances
Organisations will need to provide verification and assurances when dealing with areas such as consent, erasure, breaches, privacy by design, impact assessment results.