The organization has created and communicated to registered users a process through which they can report questions, complaints or disputes related to data protection.
The organization has rules of procedure for handling, resolving and communicating issues that come to this channel. Valid issues that arise can be handled, for example, through the general non-conformity management process.
The organisation must define how the use of personal data is regularly monitored (e.g. that data can be viewed and processed only by authorised persons) and how to act if misuse occurs.
From the point of view of the information security management system, non-conformities are situations in which:
In systematic security work, all detected non-conformities must be documented. To treat the non-conformity, the organization must identify and implement improvements that correct it.
The task of the Data Protection Officer (or other responsible person) is to monitor that the Data Protection Regulation and other data protection requirements are complied with in the organisation's operations.
In making the assessment, the responsible person shall take into account the risk associated with the processing operations and the nature, extent, context and purposes of the processing of personal data.
The organization regularly conducts privacy audits. For example, an audit identifies shortcomings and development needs related to the processing of personal data.