Identify what personal data we have and where that information is.
It is very important to identify where personal information is acquired and stored. It is equally important to know what kind of personal information the organization has, in order to be able to classify it as accurately as possible.
Define and control how personal data is accessed and used
Defining policies, roles and responsibilities for the management and use of personal data as well as the organization and categorization of all information to ensure a correct treatment is essential so you can determine and control how personal data is accessed and used.
Establish security controls and Manage Information Requests and Escape Notifications
Protect your information by preventing infrastructure attacks, with an intrusion monitoring and detection system to prevent, detect, and respond to information vulnerabilities and breaches. Registration and Traceability of all personal information as well as the implementation of Reporting Tools should also be ensured so you can have access to, for example, Audit logs or Compliance Reviews.