procedures for detecting, reporting, and investigating data breaches; notification protocols to inform data subjects and regulatory authorities within 72 hours

contracts between a data controller and a data processor to ensure that the processor handles personal data in compliance with GDPR standards

assessment to identify and minimize the data protection risks

appointment and role of the DPO, if required

establishing data retention policies; ensuring timely deletion of data that is no longer needed

mechanisms for transferring data outside the EU/EEA, such as Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs)

Unterforen: Consent, Contract, Legal Obligation, Vital Interests, Public Task, Legitimate Interests

integrating data protection principles into the design of systems and processes; ensuring that privacy settings are enabled by default

Unterforen: Right of Access, Right to be Informed, Right to Data Portability, Right to Erasure (Right to be Forgotten), Right to Object, Right to Rectification, Right to Restrict Processing, Rights Related to Automated Decision-Making and Profiling

maintaining documentation of processing activities including purposes, data sharing, and data retention