Personal Data Processing Principles

Demonstrate compliance for the processing in an appropriate manner to maintain security (integrity and confidentiality)

Personal information and verification

Right to Erasure / Deletion

Report/verify removal of all production-based information requested for obfuscation/deletion

Right to Restriction of Processing / Data Use

Ability to restrict processing of data with protection by design

Inventory of data with classification of data type 

Data protection by design and by default

Regularly identify sensitive data and the data owner

Access data sensitivity

Data Monitoring for threat identification

Breach and Activity Tracking

Notification of a personal data breach

Records of processing activity

30 day to cure alleged violations

Security of Processing

Pseudonymization and Encryption of personal data

De-identification

Data Protection Impact Assessment

Assess data risk, sensitive data and data owners as part of impact assessments, including safeguards and security measures

General conditions for imposing administrative fines

Establish and maintain data classification  and monitoring