Primary steps to an effective data protection ecosystem

  1. Place, approve and communicate data protection policies, practices and processes
  2. Appoint data protection officer
  3. Maintain a record of processing activities
  4. Notify purpose and seek consent
  5. Enforce technical measures enhancing privacy
  6. Undertake data protection impact assessment
  7. Review existing contracts with third parties/ vendors and draft new contracts incorporating data protection clauses
  8. Conduct data audits
  9. Put in place incident/ breach management system
  10. For cross border data transfer adopt appropriate mechanism