Under GDPR, companies must be able to:
- Provide information about which personal data is kept by a company and for what purposes it is used
- When applicable, delete personal data
- When applicable, immediately and easily transfer personal data
- Report security incidents within 72 hours to the agencies AND the people who are affected
- Present their risk evaluation statement as well as a statement how the company addresses these risks
- Have in place a Data Protection Officer
Please fill out the form below to download.