Articles 24, 25 and 32 of GDPR
Internal guidelines/operating procedures for the protection of personal data

Alternatives:

Binding corporate rules (Article 47 of GDPR)
Implementation of approved codes of conduct (Article 42 of GDPR)
Adherence to data protection certification mechanisms (Article 43 of GDPR)

Who is obliged to adopt

All data controllers and data processors, without exception, before the start of the processing of personal data

Products

Internal guidelines/operating procedures for the protection of personal data in accordance with Articles 24, 25 and 32 of GDPR containing the description of appropriate:

  • technical,
  • staffing and
  • organisational measures aimed at protecting personal data, necessary for the protection of personal data from:

– accidental loss or destruction and from

– unauthorized access,

– unauthorized alterations,

– unauthorized dissemination and

– all other forms of abuse, and

– to determine the obligation of all persons entrusted with the processing of personal data to maintain the confidentiality of these data.