THREE ESSENTIAL STEPS
Articles 5 | 9 | 13 | 25 | 28 | 30 | 32 | 44
The GDPR requires comprehensive data inventories that identify where personal data exist, processing activities, transfers, storage locations, access levels, retention periods, and other critical elements.
Articles 5 | 13 | 17 | 25
The GDPR requires that companies establish procedures to routinely dispose of all eligible personal data. Controllers must be able to demonstrate compliance with this requirement.
Articles 28 | 29 | 30 | 32
The GDPR requires all third-party processors (and their sub-processors) to have sufficient safeguards in place to protect personal data. Controllers are responsible for routine diligence.