TYPICAL GDPR COMPLIANCE

 

Summary overview of the main standard requirements for adapting structures / organizations to the GDPR. The framework is to be considered purely as an example and gives only a rough indication of some of the main requirements.

 

• appointment of persons in charge of personal data processing;
• appointment of external suppliers;
• appointment of the competent doctor (where required);
• privacy notice for customers (also written in a foreign language where required);
• privacy notice for employees;
• privacy notice for suppliers;
• privacy notice for video surveillance;
• privacy notice for the receipt of personal CVs;
• privacy notice for the publication of photographic material;
• rules of conduct and implementation procedures for the use of IT systems, e-mail and internet;
• processing registers;
• privacy procedures;
• P-DIA (Privacy Data Impact Assessment) (where required);
• appointment of the DPO (where required);
• website privacy policy;
• website cookie policy;
• template for the exercise of the interested party's right of access;
• template for reporting a violation to the Authority (data breach).

 

 

CORONAVIRUS GDPR UPDATE

 

• appointment of persons authorized to process personal data;
• public disclosure;
• notice for employees;
• notice for suppliers;
• processing registers;
• notice on behavioral rules;
• self-declaration form for employers' commitment;
• privacy procedures;
• Covid-19 privacy compliance indications with the competent doctor.