Create or amend existing privacy notices.Define personal information retention and protection policy.Identify and dispose of Irrelevant Personal Information and keep a log.Identify record-keeping requirements and procedures.Conduct legitimate interest assessments where required.Identify a lawful basis for processing personal information in each case.
Perform audit of personal information by business area.Conduct initial personal information gathering exercise.Conduct IT security and information security awareness training.Perform IT security-related training and familiarisation.Conduct IT security competence and training needs assessment.Appoint Information Protection Officer (if required).Recruit Information Protection Officer (if required).Identify Lead Data Protection Supervisory Authority.Define IT security roles and responsibilities.IT Security Initiation, Roles, awareness and training Initiate a project with appropriate resources and budget.Perform high-level IT Security compliance check.Gain insights in IT Security vs GDPR/CCPA similarities and differences.Gain insights in the meaning and impact of IT Security.Set goals, which IT Security standard according organizational goals and data security.