These are technical controls - are you sure they're the right ones for your organisation - - or even needed? Organisations that comply with the GDPR typically employ a data protection officer - the person responsible for creating or overseeing the creation and ongoing maintenance of a privacy impact assessment. That feeds into requirements long before any code is written, let alone implementing other procedural or technical controls.
mhoad|3 years ago