- Appoints a data protection officer, imposing contractual obligations on processors, and using the principles of “privacy by design” and “privacy by default.”
- Additionally, a data controller must be able to demonstrate compliance, including by keeping a record of processing activities and conducting privacy impact assessments.
