Article 24 of the General Data Protection Regulation requires that organisations implement 'appropriate technical and organisational measures' to be able to 'demonstrate' their compliance with the Regulation. In preparing for the Regulation, organisations will have to implement not only internal and publicly-facing policies, records and notices, but also technical measures, and fundamental changes to their processing operations.
To reduce risks, organisations have to retain comprehensive procedures and policies internally, which can be made available to Data Protection Authorities, where required.
Requirements such as Subject Access Requests will require some input at several levels within the organisation, each of these having to follow specific procedures to ensure an appropriate response within one month.
Bizoneo allows the secure storage of such documents, ensure the latest procedures are available to staff members or contractors.