An institution will be compliant if it can demonstrate that it maintains adequate evidence that it complies with the requirements of the GDPR. Even if your institution considers that it has already implemented all the requirements of the GDPR, can you guarantee that you have adequate evidence that your contracts, website, IT applications, data processing, business processes, etc. continue to guarantee compliance?
More information here.
Related content
