<aside> ⚖️ What the law says: The General Data Protection Regulation (GDPR) governs the processing of personal data within the European Union and enhances citizens' control over the use of their personal data.

The GDPR applies to all organizations that process personal data, regardless of whether it is for themselves or on behalf of others. It applies to organizations that are established in the European Union or whose activities directly target European residents. The GDPR also extends to subcontractors who process personal data on behalf of other organizations.

• Seven core principles (Art. 5.1 GDPR)

Failure to comply with the GDPR can result in significant financial penalties, which can amount to up to 20 million euros or 4% of the global annual turnover for companies.

</aside>

Develop your GDPR and Data Protection policies

⇒ Create a comprehensive data protection policy that outlines how your organisation handles personal data.

GDPR Policy template (by Apiday):

GDPR Policy template_Apiday.pdf

Data Protection Policy template (by Apiday):

Data security policy template_Apiday.pdf

GDPR compliance checklist

• [ ] Appoint a Data Protection Officer to oversee GDPR compliance
• [ ] Conduct a data audit
• [ ] Implement Privacy by Design
• [ ] Establish a data protection policy
• [ ] Define a data breach response plan

GDPR Toolkit (by the CNIL):

GDPR toolkit

Code of Conduct Guidelines (by the CNIL):

https://www.cnil.fr/sites/cnil/files/2023-06/graphic_design_code_of_conduct.pdf