Here are the main obligations you must respect:
- Implement technical and organizational measures to ensure, and be able to demonstrate, that your processing is carried out in compliance with the GDPR (document as much as possible);
- Ensure that your processing is lawful, fair and transparent;
- Inform people of their rights and respect them;
- Collect only the strictly necessary data, and determine and respect a necessary retention period;
- Maintain a processing record;
- Appoint a Data Protection Officer (mandatory in certain cases);
- Secure data and handle data breaches (communication to individuals, notification to the National Commission for Data Protection);
- Conduct impact analyses for high-risk processing;
- Ensure that your subcontractors comply with the GDPR, and formalize a new contract and instructions to subcontractors.