If user information has been compromised, we are obliged to notify the breach to the supervisory authorities and those affected. This implies having mechanisms that allow us to detect and notify them.
Increased requirements for privacy management
A new approach is emerging: privacy by design and by default. This requires designing a product or campaign with privacy in mind from the outset and minimizing the information collected.
It also calls for greater clarity in creating policies so that they are easily understood by the general public.
Greater evidence of compliance
The GDPR is much more about evidence than posturing; it requires telegram group philippines that you be able to effectively demonstrate that you comply with the legal mandate and, therefore, removes all ornamental requirements that, for practical purposes, did not prove anything, such as the declaration of files.
You must create processes that allow you to record and register all the actions you take to achieve compliance.
Data Protection Officer
In certain cases, the presence of a data protection officer is required: for example, if it is a public body, if the core activities of the controller consist of processing operations which require regular and systematic monitoring of data subjects on a large scale or if the core activities consist of the large-scale processing of special categories of personal data and data relating to criminal convictions and offences.
How does GDPR affect my acquisition strategies?
Marketing is possibly the commercial activity that processes the most personal information.
The raw material of any recruitment campaign is personal data.