1. Presence of mechanisms which ensure that data is processed:
- based on one of the legal grounds mentioned in art. 6 of the GDPR;
- fairly and in a transparent manner with respect to data subjects;
2.Whether information is kept:
- up to date and
- in limited scope necessary in relation to the purpose for which it is processed;
3. The period for which the personal data will be stored is:
- adequate and
- when expired, the information is erased;
4. A subject has the rights:
- to access;
- to be forgotten;
- to rectification; etc.
5. The company complies with national laws, regulations and guidelines of supervisory authorities in the area of data protection;
6. Data protection system is effective and functions according to best practices;
7. Company is able to demonstrate compliance with data protection requirements to supervisory authorities, data subjects, business-partners.