The evolution of the European regulation requires that you document the data protection measures taken within your company and obliges you to adopt the necessary security measures regarding the risks for the rights and liberties of individuals by taking into account their gravity and likelihood.
Moreover, Article 37 provides that the Data Protection officer will be tasked with the mission of:
- Ensuring the data processing compliance with the regulation, and with their company’s or administration’s internal policies, including the improvement of staff training and awareness.
- Monitoring the completion of data protection impact assessments for the cases in which they are legally required.
In the exercise of their duties, the Data Protection Officer will take into consideration the risks associated with the data processing in accordance with the nature, the context, the scope, and the scope of the processing.