Obtain consent to collect, use or disclose individuals’ personal data

Allow individuals to withdraw consent

Collect, use or disclose personal data only forin accordance with the organisation’s Data Protection Management Programme (DPMP)

Document the flows of personal data within the organisation

Create content registry to record consent provided by individuals to the organisation

Develop the organisation’s Data Protection Management Programme (DPMP) in accordance with legal requirements

Review the organisation’s DPMP to determine gaps and areas for improvement

Formulate the organisation’s regional DPMP

Conduct a DPIA to identify, assess and manage