The Data Protection Officer (or other responsible person) has drawn up operating instructions for personnel handling personal data. In addition, the Data Protection Officer is ready to advise the controller, personal data processing partners or their own staff on compliance with GDPR or other data protection requirements.
The organization must have in place a procedure to handle instructions coming from data controller regarding the processing of personal data. The procedure must make sure: