The General Data Protection Regulation (GDPR) has significantly upped the ante when it comes to liabilities and penalties. GDPR notifies and mandates various guidelines that place direct liabilities on organizations of any kind that process the personal data of EU residents.
Some worth mentioning are data breach notifications, identifying lead supervisory authorities, conducting Privacy Impact Analysis (PIA) as desired by supervisory authorities, notifying individuals and explaining to them how to exercise their rights, etc.
To comply with these, organizations have started not only reviewing paperwork such as their policies, privacy programs, processes involving PI, and contracts with vendors as well as service providers, but also focusing on the technical measures and the defined rules and configurations of tools and technologies required to implement what is written in those documents.
This session was hosted at Best Practices Meet 2017. To know more, see https://www.dsci.in/BPM2017/