Completion requirements
The role of data protection regulations
You will need to take guidance on the following areas from in-country data protection regulations:
- Definitions of personal and sensitive personal data
- Geographic restrictions relating specifically to personal data
- The lawful basis under which personal data can be processed
- The rights of individuals over personal data about them
- The responsibilities of data controllers in relation to personal data
You must remember that:
- personal data cannot be collected, held or processed without a lawful basis
- data protection laws apply where an organisation has its principal place of business, regardless of where data is stored
You should:
- detail the lawful basis as part of the data governance and privacy impact assessments
- make it clear to individuals as part of the privacy notice