GDPR Accountability Annotations Handbook

Get Your Free Copy

For each of the 99 articles of the GDPR you receive:

Accountability Annotation:
An annotation explaining the meaning and impact of the Article.

Technical and Organisational Measures:
A list of technical and organisational measures that once implemented may help:
  1. Achieve ongoing compliance with the GDPR and,
  2. Produce documentation that will help demonstrate compliance.
In some cases, the measure may not be applicable.

Example Accountability Mechanisms:
A sample listing of appropriate policies, procedures, guidelines, checklists, training and awareness activities, transparency measures, technical safeguards and other mechanisms that mitigate internal and external privacy risk. Accountability Mechanisms are produced when organisations put in place technical and organisational measures.

Example Evidence:
A listing of sample evidence indicating that the accountability mechanisms have been implemented and used appropriately.

Here is an example

Accountability Annotation:
Article 13 - Controllers' obligations to provide notice to data subjects

Article 13 provides that where personal data relating to data subjects are collected, controllers must provide certain minimum information to those data subjects through an information notice. It also sets out requirements for timing of the notice and identifies when exemptions may apply.

See Recitals 60-62.

Technical and Organisational Measures:
Maintain a data privacy notice that details the organization’s personal data handling practices
This privacy management activity ensures that controllers put in place policies and procedures to ensure that the required information is provided to data subjects when their information is collected.

Maintain policies / procedures for secondary uses of personal data
This privacy management activity addresses having policies and procedures that define how to handle situations when the organisation wishes to use personal data beyond the primary purpose. Secondary uses of data must be disclosed in information notices under Articles 13 and 14.

Provide data privacy notice at all points where personal data is collected
This privacy management activity addresses how an organisation provides an opportunity for data subjects to review the organisation's privacy notice at the point of data collection.

Example Accountability Mechanisms:
Data privacy notice
Just in Time Data Privacy Notice
Mobile Data Privacy Notice
Short Form/Condensed Data Privacy Notice
Translated Data Privacy Notice
Privacy Notice Language for Hard Copy Forms
Privacy Notice Signage
Privacy Notice in Marketing Communications
Privacy Notice in Contracts and Terms
Scripts for Providing Notice via Phone

Example Evidence:
Copy of the information notice provided to data subjects
Documentation showing that privacy notice is aligned to legal requirements
Details on the placement and timing of the notice
Copies of contracts showing requirements for privacy notice language
Records of training sessions with call center reps providing instruction on how to provide notice via phone

© 2002-2017 Nymity Inc. All Rights Reserved.