GDPR - EUIDPR: Many aspects of compliance with the GDPR and EUIDPR rely on a good governance model. This means that organisations have to set policies and train staff and contractors on those policies. The combination of policies and training will contribute to better data handling in the organisation. Under the GDPR and EUIDPR, this forms part of the material required to demonstrate compliance with the regulation and may be required by the Data Protection Supervisory Authorities (GDPR) or EDPS (EUIDPR) in case of an audit.
ISMS - PIMS: ISO 27001 requires a top-level information security policy (Clause 5.2) and usually involves several policies for the implementation of controls to modify risks. Clause 7.5 requires documented information to be retained in an adequate format.
The GDPR requires that many contractual relationships are established between data controllers and data processors.
The GDPR and EUIDPR require that when no longer required, data should be either disposed of or anonymised. Our record retention policies will assist the organisation in setting the expected reference for data retention.