How do you obtain a clean auditor’s report on the annual report, minimization of personal managerial responsibility, and reduction of the risk of personal data fines?
When you have implemented your basic personal data compliance, it must be maintained on an ongoing basis. Thus, the next step is an independent review of whether the documentation is satisfactory. In the General Data Protection Regulation, it is called performance of the accountability principle, but there are a lot of ways of saying that, so you may have heard it described as personal data control, GDPR review, personal data protection declaration, and many other things.
The common denominator is the incorporation of procedures that ensure continuous control of compliance with the data protection rules. There is, as a minimum, need for an annual review.
Advantages of a review with the Control Package
Identification of the company’s risks in processing data (fines, compensation, brand value)
For the board or the management, the Control Package contributes to identify the risk of personal responsibility
For data processors, the declaration is a must in the competition with other data processors
NJORD offers the following package solutions for personal data control:
Annual wheel for ongoing control of personal data procedures
This includes written procedures for the key elements of ongoing control, including ensuring that control is carried out during the year. The elements, which are typically included in the annual wheel, are:
Correct management anchoring of responsibility for personal data in the company
Training of employees, e.g. in connection with onboarding of new employees
Procedure for control of data processors
Procedure for internal controls
Declaration of personal data control (standard package)
This includes an overall review of procedures, management anchoring, and random checks with reference to the GDPR and the Danish Data Protection Act. This declaration is recommended for businesses that are primarily data controllers (as opposed to data processors) and are not processing personal data as part of their core activities.
Declaration of personal data control (full package)
This includes an overall review of procedures, management anchoring, and random checks with reference to the GDPR and the Danish Data Protection Act. This declaration is recommended for businesses that are primarily data processors or are processing personal data as part of their core activities.
We hope you are interested in hearing more about the Personal Data Control Package, and you are welcome to drop by for an informal meeting.
If you need a review of your personal data compliance, you can read more about our Personal Data Compliance Package.
