- Place, approve and communicate data protection policies, practices and processes
- Appoint data protection officer
- Maintain a record of processing activities
- Notify purpose and seek consent
- Enforce technical measures enhancing privacy
- Undertake data protection impact assessment
- Review existing contracts with third parties/ vendors and draft new contracts incorporating data protection clauses
- Conduct data audits
- Put in place incident/ breach management system
- For cross border data transfer adopt appropriate mechanism