100% found this document useful (3 votes)

200 views49 pages

GDPR Compliance Checklist 2022

contains a checklist designed to ensure compliance with the General Data Protection Regulation (GDPR) as of the year 2022. It may include items such as data handling procedures, privacy policies, consent mechanisms, security measures, and other requirements mandated by the GDPR to protect the personal data of individuals.

Uploaded by

raizadaanimesh051

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

100% found this document useful (3 votes)

200 views49 pages

GDPR Compliance Checklist 2022

Uploaded by

raizadaanimesh051

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 49

GDPR Compliance

Checklist 2022

W: www.vistainfosec.com | E: [email protected]

US Tel: +1-415-513-5261 | UK Tel: +442081333131 | SG Tel: +65-3129-0397

IN Tel: +91 73045 57744 | DUBAI Tel: +971507323723
An ISO27001 Certiﬁed Company, CERT-IN Empanelled, PCI QSA, PCI QPA and PCI SSFA
USA. SINGAPORE. INDIA. UK. MIDDLE EAST. CANADA.
I
OVERVIEW OF EU GDPR REGULATION 04-05
N PRIVACY NOTICE 32-41

D
ACCOUNTABILITY & GOVERNANCE 06-27 DATA SUBJECT RIGHTS 40-85

LAWFUL PROCESSING OF DATA 20-21 BREACH NOTIFICATION 84-87

PRIVACY BY DESIGN & DEFAULT 28-29

E Next Step - GDPR Readiness 88-91

X
DATA SECURITY 28-31
OVERVIEW OF EU GDPR REGULATION
General Data Protection Regulation (GDPR) is a global data pliance Checklist for 2022. The following detailed checklist
privacy law established and enforced in the EU. It is a com- which is an excerpt from the GDPR requirements can help
prehensive law developed to protect and uphold the rights you understand the regulation and guide your business in
of EU Citizens. Organizations dealing with the personal data taking the right steps to prioritize security and privacy of
of citizens of the EU are required to comply with the re- data. The document contains only the important require-
quirements of GDPR. This brings in more transparency in ments in the below-listed excerpt from the GDPR require-
the processing and securing of personal data while also en- ments that is essential to ensure compliance.
suring citizens have control over their personal data. Com-
plying with the requirements outlined in the GDPR can be a
daunting task for organizations as the requirements out-
lined are largely detailed and extensive. So for the benefit of
our readers and organizations looking to achieve GDPR
Compliance we have shared a comprehensive GDPR Com-

04 05
IMPORTANT GDPR COMPLIANCE CHECKLIST

ACCOUNTABILITY & GOVERNANCE

1. Controllers should ensure the personal data is pro-

Article 5 Principles of Processing
cessed lawfully, fairly and in a transparent manner con-
Personal Data
cerning the data subject.

2. Collected for speciﬁed, explicit, and legitimate purpos-

es should not further be processed in a manner that is
incompatible with those purposes.

3. Ensuring data minimization in terms of processing ad-

equately, relevant and limited to what is necessary for
the purposes for which they are processed.

4. Ensure accuracy of data and where necessary, keep

up to date with every reasonable step taken to ensure
that personal data are inaccurate, having regard to the
purposes for which they are processed, erased, or recti-
ﬁed without delay.

5. Kept in a form that permits identiﬁcation of data sub-

jects for no longer than is necessary for the purposes for
which the personal data are processed.

06 07
IMPORTANT GDPR COMPLIANCE CHECKLIST

ACCOUNTABILITY & GOVERNANCE

Article 5 Principles of Processing 6. Personal data may be stored for longer periods so far
Personal Data as the personal data will be processed solely for archiving
purposes in the public interest, scientiﬁc or historical re-
search purposes, or statistical purposes with appropriate
implementation of the appropriate technical and organi-
zational measures required by this Regulation in order to
safeguard the rights and freedoms of the data subject.

7. Personal data must be processed in a manner that en-

sures appropriate security of the personal data, includ-
ing protection against unauthorized or unlawful pro-
cessing and accidental loss, destruction, or damage,
using appropriate technical or organizational measures.

8. Controller shall be responsible for, and be able to

demonstrate compliance to the principles of processing
personal data.

Article 35 Data Protection Impact 1. The controller shall prior to the processing carry out a
Assessment data protection impact assessment to envisage pro-
cessing operations on the protection of personal data
considering the type of processing personal data using

08 09
IMPORTANT GDPR COMPLIANCE CHECKLIST

ACCOUNTABILITY & GOVERNANCE

Article 35 Data Protection Impact new technologies, and taking into account the nature,
Assessment scope, context, and purposes of the processing, that
may likely result in a high risk to the rights and free-
doms of natural persons.

2. The assessment shall contain at least

Systematic description of the envisaged process-
ing operations and the purposes of the process-
ing, including, the legitimate interest pursued by
the controller.
Assessment of the necessity and proportionality of
the processing operations concerning the purpos-
es.
Assessment of the risks to the rights and freedoms
of data subjects.

Measure risk to address it, including safeguards,

security measures, and mechanisms to ensure the
protection of personal data and to demonstrate
compliance with this regulation taking into ac-
count the rights and legitimate interests of data
subjects and other persons concerned.

10 11
IMPORTANT GDPR COMPLIANCE CHECKLIST

ACCOUNTABILITY & GOVERNANCE

Article 35 Data Protection Impact 3. Compliance with approved codes of conduct as in Ar-
Assessment ticle 40 by the relevant controllers or processors should
consider in assessing the impact of the processing oper-
ations performed in particular for the purposes of a data
protection impact assessment.

4. Where appropriate, the controller shall seek the views

of data subjects or their representatives on the intended
processing, without prejudice to the protection of com-
mercial or public interests or the security of processing
operations.

5. Where necessary the controller shall review to assess

if the processing is performed in accordance with the
data protection impact assessment at least when there
is a change of the risk represented by processing opera-
tions.

Article 37 Appointment of Data Protection 1. Establish whether the company is required to have a
Ofﬁcer DPO where one of the following applies

Processing is carried out by a public body, except

for courts;

12 13
IMPORTANT GDPR COMPLIANCE CHECKLIST

ACCOUNTABILITY & GOVERNANCE

Article 37 Appointment of Data Protection Core activities consist of monitoring operations

Ofﬁcer which by virtue of their nature, scope or purposes
require regular and systematic monitoring of data
subjects on a large scale

Core activities consist of processing a large scope

of special categories of personal data and data re-
lating to criminal convictions and offenses.
2. If the company is not required to have a DPO, you may
appoint a voluntary DPO.

3. DPO contact details must be notiﬁed to the regulato-

ry authority and published to the public.

Article 30 Record Keeping 1. The controller and the controller’s representative,

where applicable, shall maintain a record of processing
activities under its responsibility and include the follow-
ing information-
Name and contact details of the controller and,
where applicable, the joint controller, the control-
ler’s representative, and the data protection ofﬁ-
cer.

14 15
IMPORTANT GDPR COMPLIANCE CHECKLIST

ACCOUNTABILITY & GOVERNANCE

Article 30 Record Keeping Purposes of the processing.

Description of the categories of data subjects and

the categories of personal data.

Categories of recipients to whom the personal

data have been or will be disclosed including re-
cipients in third countries or international organi-
zations.

Details of transfers of personal data to a third

country or an international organization, includ-
ing the identiﬁcation of that third country or in-
ternational organization and the documentation
of suitable safeguards.

Where possible, the envisaged time limits for era-

sure of the different categories of data.

Where possible, a general description of the tech-

nical and organizational security measures.

16 17
IMPORTANT GDPR COMPLIANCE CHECKLIST

ACCOUNTABILITY & GOVERNANCE

Article 30 Record Keeping 2. The Processor or Processor representative where ap-

plicable shall maintain a record of all categories of pro-
cessing activities carried out on behalf of a controller in-
cluding-

Name and contact details of the processor or pro-

cessors and of each controller on behalf of which
the processor is acting and, where applicable, of
the controller’s or the processor’s representative,
and the data protection ofﬁcer.

Categories of processing are carried out on behalf

of each controller.

Where applicable details of transfers of personal

data to a third country or an international organi-
zation, including the identiﬁcation of that third
country or international organization and, docu-
mentation of suitable safeguards.

General description of the technical and organiza-

tional security measures.

3. Records shall be in writing, including in electronic

form.

18 19
IMPORTANT GDPR COMPLIANCE CHECKLIST

ACCOUNTABILITY & GOVERNANCE

Article 30 Record Keeping 4. Controller or the processor and, where applicable, the
controller’s or the processor’s representative, shall make
the record available to the supervisory authority on re-
quest.

LAWFUL PROCESSING OF DATA

Article 6 Establish legal basis and 1. The data subject has given consent to process person-
grounds on which data al data for one or more speciﬁc purposes.
controller processes personal
data. 2. Processing is necessary for the performance of a con-
tract to which the data subject agreed or to take certain
steps at the request of the data subject prior to entering
into the contract.

3. Processing is necessary for compliance with a legal

obligation to which the controller is subject.

4. Processing is necessary to protect the vital interests of

the data subject or another natural person.
5. Processing is necessary for the performance of a task
carried out in the public interest or the exercise of ofﬁ-
cial authority vested in the controller.

20 21
IMPORTANT GDPR COMPLIANCE CHECKLIST

ACCOUNTABILITY & GOVERNANCE

Article 6 Establish legal basis and 6. Processing is necessary for the legitimate interests
grounds on which data pursued by the controller or by a third party, except
controller processes personal where such interests are overridden by the interests or
data. fundamental rights and freedoms of the data subject
which require protection of personal data, especially
wherein the data subject is a child.

Article 7 Establish legal basis and 1. Ensure to process personal data based on free consent
grounds for processing through
consent 2. The consent presented should be clear and precise
distinguishable from other matters, in an intelligible
and easily accessible format using clear and plain lan-
guage.

3. The data controller should be able to demonstrate

that the data subject freely gave their consent.

4. The data subject is informed about their ability to

withdraw their consent anytime they wish to do so.

22 23
IMPORTANT GDPR COMPLIANCE CHECKLIST

ACCOUNTABILITY & GOVERNANCE

Article 9 Establish legal basis and 1. The Data Subject has given explicit consent.
grounds on which data
controller processes all special 2. Processing is necessary for carrying out the obliga-
categories of personal data. tions and exercising speciﬁc rights of the controller or
the data subject in the ﬁeld of employment and social
security and social protection law.

3. Processing is necessary to protect the vital interests of

the data subject or of another natural person where the
data subject is physically or legally incapable of giving
consent.
4. Processing relates to personal data that are made
public by the data subject.

5. Processing is necessary for the establishment, exer-

cise, or defense of legal claims or whenever courts are
acting in their judicial capacity.

6. Processing is necessary for reasons of substantial

public interest.
7. Processing is necessary for preventive or occupational
medicine, for the assessment of the working capacity of
the employee, medical diagnosis, provision of health or
social care, or treatment or management of health or
social care systems and services.

24 25
IMPORTANT GDPR COMPLIANCE CHECKLIST

ACCOUNTABILITY & GOVERNANCE

Article 9 Establish legal basis and 8. Processing is necessary for reasons of public interest
grounds on which data in the area of public health, such as protecting against
controller processes all special serious cross-border threats to health or ensuring high
categories of personal data. standards of quality and safety of health care.
9. Processing is necessary for archiving purposes in the
public interest, scientiﬁc or historical research purposes,
or statistical purposes.

Article 22 Automated Decision Making 1. The data subject shall have the right not to be subject
& Proﬁling to a decision based solely on automated processing, in-
cluding proﬁling, which produces legal effects.

2. The Data Controller should get the consent of the in-

dividuals for proﬁling and automated decision making.

26 27
IMPORTANT GDPR COMPLIANCE CHECKLIST

PRIVACY BY DESIGN & DEFAULT

Article 25 Privacy by Default The controller shall implement appropriate technical

and organizational measures to ensure by default, only
personal data necessary for each speciﬁc purpose of the
processing are processed. That obligation applies to the
amount of personal data collected, the extent of their
procesxsing, the period of their storage, and their acces-
sibility. In particular, such measures shall ensure that
by default personal data are not made accessible with-
out the individual’s intervention to an indeﬁnite number
of natural persons.

DATA SECURITY

Article 32 Security of Data Processing 1. Taking into account the state of the art, the costs of
implementation and the nature, scope, context, and
purposes of the processing, as well as the risk of varying
likelihood and severity for the rights and freedoms of
natural persons, the controller, and the processor, shall
implement appropriate technical and organizational
measures to ensure a level of security appropriate to the
risk, including.

28 29
IMPORTANT GDPR COMPLIANCE CHECKLIST
DATA SECURITY

Article 32 Security of Data Processing Pseudonymisation and encryption of personal

data

Ensure the ongoing conﬁdentiality, integrity, avail-

ability, and resilience of processing systems and
services
Measures to restore the availability and access to
personal data in a timely manner in the event of a
physical or technical incident
Process for regularly testing, assessing, and evalu-
ating the effectiveness of technical and organiza-
tional measures for ensuring the security of the
processing.

2. Adherence to an approved code of conduct as in Arti-

cle 40 or an approved certiﬁcation mechanism as in Ar-
ticle 42 may be used as an element by which to demon-
strate compliance with the requirements.
3. Ensure that controller and processor shall take steps
to ensure that any natural person acting under the au-
thority of the controller or the processor who has access
to personal data does not process them except on in-
structions from the controller unless he or she is re-
quired to do so by Union or Member State law.

30 31
IMPORTANT GDPR COMPLIANCE CHECKLIST

PRIVACY NOTICE

Article 12 Language and communication 1. The language in the Privacy notice should be clear
in Privacy Notice concise, transparent, intelligible and in an easily accessi-
ble form, using plain language in particular for informa-
tion addressed to a child.
2. The information shall be provided in writing, or by
other means, including, where appropriate, by electron-
ic means. When requested by the data subject, the in-
formation may be provided orally, provided that the
identity of the data subject is proven by other means.

3. Where the data subject requests by electronic form

mean, the information shall be provided by electronic
means where possible, unless otherwise requested by
the data subject.
4. The Privacy Notice should be delivered in a format
that is user-friendly which means in readable font size
and text easily visible, intelligible, and legible manner
with a meaningful overview of the intended processing.

32 33
IMPORTANT GDPR COMPLIANCE CHECKLIST

PRIVACY NOTICE

Article 12 Language and communication 5. Information provided under Articles 13 and 14 where
in Privacy Notice the personal data is either collected by the data subject
or third party and any communication and any actions
taken under Articles 15 to 22 which is concerning the
rights of data subjects and communication of data
breach under Article 34 shall be provided free of charge.

6. In case the request from the data subject are mani-

festly unfounded or excessive, in particular, because of
their repetitive character, the controller may either:

Charge a reasonable fee taking into account the

administrative costs of providing the information
or communication or taking the action requested;
or

Refuse to act on the request.

The Data controller shall bear the burden of demon-

strating the manifestly unfounded or excessive charac-
ter of the request.

34 35
IMPORTANT GDPR COMPLIANCE CHECKLIST

PRIVACY NOTICE

Article 13 Privacy Notice must be given The Privacy Notices must be given at the time the data
in a timely manner to the data is obtained from the data subject, or from a third party,
subject but within a reasonable period after obtaining the data
which is at the latest within one month.

Article 13 Privacy Notice must be given The information to be mentioned in the privacy notice
in a timely manner to the data should include
subject The identity and the contact details of the control-
ler and data protection ofﬁcer (where applicable)
Purposes of processing the personal data and the
legal basis for the processing, including the legiti-
mate interests pursued by the controller.

Recipients or categories of recipients of the per-

sonal data, if any.
Inform and provide details where the controller in-
tends to transfer personal data to a third country
or international organization. Also, provide details
on how the transfer ensures the adequacy of pro-
tection (i.e. which of the approved transfer mecha-
nisms are used).

36 37
IMPORTANT GDPR COMPLIANCE CHECKLIST

PRIVACY NOTICE

Article 13 Privacy Notice must be given Period for which the personal data will be stored,
in a timely manner to the data or if that is not possible, the criteria used to deter-
subject mine that period.

Existence of the right to request from the Control-

ler access to and rectiﬁcation or erasure of person-
al data or restriction of processing concerning the
data subject or to object to the processing as well
as the right to data portability.
Where the processing is based on consent, the ex-
istence of the right to withdraw consent at any
time, without affecting the lawfulness of process-
ing based on consent before its withdrawal.

Right to complain with a supervisory authority.

Whether the provision of personal data is a statu-

tory or contractual requirement, or a requirement
necessary to enter into a contract, as well as
whether the data subject is obliged to provide the
personal data and of the possible consequences of
failure to provide such data.

38 39
IMPORTANT GDPR COMPLIANCE CHECKLIST

PRIVACY NOTICE

Article 13 Privacy Notice must be given Existence of automated decision-making, includ-

in a timely manner to the data ing proﬁling, meaningful information about the
subject logic involved, and the signiﬁcance and probable
consequences of such processing for the data sub-
ject.

DATA SUBJECT RIGHTS

Article 15 - 22 GDPR is about upholding the rights of data subjects

and so the data controller must ensure having in place
measures to comply with the rights of data subjects
listed below.

Article 16 Right to Rectiﬁcation 1. The data subject shall have the right to obtain from
the controller without undue delay the rectiﬁcation of
inaccurate personal data concerning him or her.
2. Considering the purposes of the processing, the data
subject shall have the right to have incomplete person-
al data completed, including by means of providing a
supplementary statement.

40 41
IMPORTANT GDPR COMPLIANCE CHECKLIST

DATA SUBJECT RIGHTS

Article 17 Right to Erasure 1. The data subject shall have the right to the erasure of
personal data concerning him/her without undue
delay and the controller shall have the obligation to
erase personal data without undue delay.

2. The grounds for obligation stands on-

When personal data is no longer necessary in rela-
tion to the purposes for which they were collected
or otherwise processed.

The data subject withdraws consent on which the

processing is based on the lawfulness (Article 6)
and for special category data (Article 9) and now
where there is no other legal ground for the pro-
cessing.

The data subject objects to the processing and

there are no overriding legitimate grounds for the
processing.

Personal data has been unlawfully processed

Personal data have to be erased for compliance

with a legal obligation in Union or Member State
law to which the controller is subject.

42 43
IMPORTANT GDPR COMPLIANCE CHECKLIST

DATA SUBJECT RIGHTS

Article 17 Right to Erasure Personal data have been collected in relation to

the offer of information society services as per Ar-
ticle 8

Article 18 Right to Restrict Processing The data subject shall have the right to restriction of
processing of data wherein-

If the accuracy of the personal data is contested by

the data subject, for a period enabling the control-
ler to verify the accuracy of the personal data the
processing shall be restricted.

Processing is unlawful and the data subject op-

poses the erasure of the personal data and re-
quests the restriction of their use instead.
The controller no longer needs the personal data
for the processing, but they are required by the
data subject for the establishment, exercise, or de-
fense of legal claims.
The data subject has objected to processing ac-
cording to pending veriﬁcation whether the Data
Controller has legitimate grounds to override
those of the data subject.

44 45
IMPORTANT GDPR COMPLIANCE CHECKLIST

DATA SUBJECT RIGHTS

Article 19 Right to Notification obligation 1. The controller shall communicate any rectification or
regarding rectification, erasure, erasure of personal data or restriction of processing
and restriction of processing carried out in accordance with Article 16, Article 17 &
personal data Ar-ticle 18.

2.The controller must also notify each recipient to

whom the personal data have been disclosed unless
this proves impossible or involves disproportionate
effort.

3.The controller shall inform the data subject about

those recipients if the data subject requests it.

Article 20 Right to Data Portability 1. Data subject shall have the right to receive the per-
sonal data concerning him or her, which he or she has
provided to a controller, in a structured, commonly
used, and machine-readable format.
2. The Data Subject has the right to data portability
where the data subject shall have the right to have the
personal data transmitted directly from one controller
to another without hindrance from the controller,
where technically feasible.

46 47
IMPORTANT GDPR COMPLIANCE CHECKLIST

DATA SUBJECT RIGHTS

Article 21 Right to object 1. Data subject shall have the right to object the pro-
cessing of his/her personal data at any time including
proﬁling unless the controller demonstrates compel-
ling legitimate grounds for the processing which over-
ride the interests, rights, and freedoms of the data
sub-ject or for the establishment, exercise or defense
of legal claims.

2. Data subject shall have the right to object at any

time to processing of personal data concerning him/
her where personal data is processed for direct
marketing purposes including proﬁling.

3. The Controller must at the time of the communica-

tion with the data subject, shall explicitly bring to the
attention of the data subject their right to object pro-
cessing under Article 6 and shall be presented clearly
and separately from any other information.

4.In the context of the use of information society ser-

vices, and notwithstanding Directive 2002/58/EC, the
data subject may exercise their right to object by auto-
mated means using technical speciﬁcations.

48 49
IMPORTANT GDPR COMPLIANCE CHECKLIST

DATA SUBJECT RIGHTS

Article 21 Right to object 5. Where personal data are processed for scientiﬁc or
historical research purposes or statistical purposes as
per Article 89, the data subject, on grounds relating to
their particular situation shall have the right to object
the processing of personal data concerning them
unless the processing is necessary for reasons of public
interest.

Article 22 Automated Individual Decision 1. Data subjects have the right not to be subject to a
making including profiling de-cision based solely on automated processing,
including profiling, which produces legal effects
concerning them or significantly affects them.

2.In the case where the right to a decision on automat-

ed processing cannot be exercised on the grounds of –

Necessary for entering into, or performance of, a

contract between the data subject and a data con-
troller.
Authorized by Union or Member State law to
which the controller is subject.

Based on the data subject’s explicit consent.

50 51
IMPORTANT GDPR COMPLIANCE CHECKLIST

DATA SUBJECT RIGHTS

Article 22 Automated Individual Decision The data controller shall implement suitable measures
making including proﬁling to safeguard the data subject’s rights and freedoms
and legitimate interests, at least the right to obtain
human intervention on the part of the controller, to ex-
press their point of view, and to contest the decision.

3. The decision of not exercising the right to automated

processing by the data controller is not applicable for
special category data as under Article 9 again unless –

Data subject had given explicit consent to the pro-

cessing of personal data for one or more speciﬁed
purposes, except where Union or Member State
law provides that the prohibition.
Processing is necessary for reasons of substantial
public interest, based on Union or Member State
law.

But with suitable measures to safeguard the data sub-

ject’s rights and freedoms and legitimate interests are
in place.

52 53
IMPORTANT GDPR COMPLIANCE CHECKLIST

DATA SUBJECT RIGHTS

Article 23 Restriction 1. Right to restriction of processing to verify accuracy of

data, or where processing is unlawful but the data sub-
ject opposes the erasure of the personal data and
rather requests the restriction of their use.

2. Right to restriction also applies wherein the control-

ler may no longer need the data but the data subject
requires the controller to keep the data for the defense
of legal claims or pending veriﬁcation of whether the
legitimate interests of the controller in processing
override those of the individual.

TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

OR INTERNATIONAL ORGANIZATIONS

Article 44 Transfer of data to a third 1. Any transfer of personal data which are undergoing
country or international processing or are intended for processing after transfer
organization to a third country or an international organization shall
take place only if, subject to provisions and ensure that
the level of protection of data subject is guaranteed by
this Regulation is not undermined.
The transfer of personal data transfer to a third country
or an international organization shall take place based
on-

54 55
IMPORTANT GDPR COMPLIANCE CHECKLIST

DATA SUBJECT RIGHTS

Article 44 Transfer of data to a third Transfer based on adequacy

country or international
organization Transfers subject to appropriate safeguards

Transfers based on binding corporate rules

Transfer or disclosure not authorized by Union Law

Derogation to the speciﬁc situation

International Corporation for the protection of per-

sonal data.

Article 45 Transfer on the basis 1. Transfer of personal data to a third country or an in-
of adequacy ternational organization may take place where the
Commission has decided that the third country, a terri-
tory, or speciﬁed sectors within that third country, or
the international organization ensures an adequate
level of protection.
2. Transfer of personal data to a third country or an in-
ternational organization based on assessing the ade-
quacy of the level of protection considering –

56 57
IMPORTANT GDPR COMPLIANCE CHECKLIST

DATA SUBJECT RIGHTS

Article 45 Transfer on the basis Rule of law, respect for human rights and funda-
of adequacy mental freedoms, relevant legislation, both general
and sectoral, including concerning public security,
defense, national security, and criminal law, and the
access of public authorities to personal data.

Implementation of such legislation, data protection

rules, professional rules, and security measures, in-
cluding rules for the onward transfer of personal
data to another third country or international orga-
nization which is complied with in that country or
international organization, case-law, as well as effec-
tive and enforceable data subject rights and effec-
tive administrative and judicial redress for the data
subjects whose personal data are being transferred.

existence and effective functioning of one or more

independent supervisory authorities in the third
country or to which an international organization is
subject to responsibility for ensuring and enforcing
compliance with the data protection rules, includ-
ing adequate enforcement powers, for assisting and
advising the data subjects in exercising their rights
and for cooperation with the supervisory authorities
of the Member States.

58 59
IMPORTANT GDPR COMPLIANCE CHECKLIST

DATA SUBJECT RIGHTS

Article 45 Transfer on the basis International commitments to the third country or

of adequacy international organization concerned has entered
into, or other obligations arising from legally bind-
ing conventions or instruments and its participation
in multilateral or regional systems, in particular in
relation to the protection of personal data.

3. The Commission, after assessing the adequacy of the

level of protection, may decide, by means of imple-
menting act, that a third country, a territory or more
speciﬁed sectors within the third country, or an inter-
national organization ensures an adequate level of pro-
tection and the implementing act provides for a mech-
anism for a periodic review, at least every four years,
taking into account all relevant developments in the
third country or international organization.

4. Commission shall, on an ongoing basis, monitor de-

velopments in third countries and international organi-
zations that could affect the adequacy level of protec-
tion.

60 61
IMPORTANT GDPR COMPLIANCE CHECKLIST

DATA SUBJECT RIGHTS

Article 45 Transfer on the basis 5. Commission shall, where available information re-
of adequacy veals, that third country, a territory or speciﬁed sectors
within a third country, or an international organization
no longer ensures an adequate level of protection to
the extent necessary, repeal, amend or suspend the de-
cision by means of implementing acts without retroac-
tive effect.

6. Commission shall enter into consultations with the

third country or international organization to remedy
the situation giving rise to the decision made by means
of implementing acts.

7. The decision taken to transfers personal data to the

third country, a territory, or one or more speciﬁed sec-
tors within that third country, or the international orga-
nization is without prejudice.

8. Commission shall publish in the Ofﬁcial Journal of

the European Union and on its website a list of the
third countries, territories, and speciﬁed sectors within
third countries and international organizations that
have or do not have an adequate level of protection.

9. Decisions adopted by the Commission shall remain

in force until amended, replaced, or repealed by a Com-
mission Decision.
62 63
IMPORTANT GDPR COMPLIANCE CHECKLIST

DATA SUBJECT RIGHTS

Article 46 Transfer Subject to appropriate 1. The Controller or processor may transfer personal
safeguard data to a third country or an international organization
only if the controller or processor has provided appro-
priate safeguards, and on condition that enforceable
data subject rights and effective legal remedies for
data subjects are available.
2. The appropriate safeguards provided for shall be
without requiring any speciﬁc authorization from a su-
pervisory authority, by-
Legally binding and enforceable instrument be-
tween public authorities or bodies

Binding corporate rules in accordance with Article

Standard data protection clauses adopted by the

Commission in accordance with the examination
procedure as under Article 93 of Committee Proce-
dures.
An approved code of conduct as under Article 40
together with binding and enforceable commit-
ments of the controller or processor in the third
country to apply the appropriate safeguards, in-
cluding as regards data subjects’ rights.

64 65
IMPORTANT GDPR COMPLIANCE CHECKLIST

DATA SUBJECT RIGHTS

Article 46 Transfer Subject to appropriate 3. If subject to authorization from the competent su-
safeguard pervisory authority, the appropriate safeguards may
also be provided for, in particular, by
Contractual clauses between the controller or pro-
cessor and the controller, processor, or the recipi-
ent of the personal data in the third country or in-
ternational organization.
Provisions to be included in the administrative ar-
rangements between public authorities or bodies
which include enforceable and effective data sub-
ject rights.
The supervisory authority shall apply the consisten-
cy mechanism as under Article 63.

4. Authorisations by a Member State or supervisory au-

thority based on Joint Controller as under Article 26(2)
shall remain valid until amended, replaced, or repealed,
if necessary, by that supervisory authority.
5. Decisions adopted by the Commission based on the
Article 26 Joint Controller shall remain in force until
amended, replaced, or repealed, if necessary, by a
Commission Decision adopted in accordance with Arti-
cle 46 of Transfer Subject to appropriate safeguard.

66 67
IMPORTANT GDPR COMPLIANCE CHECKLIST

DATA SUBJECT RIGHTS

Article 47 Binding Corporate Rules 1. Competent supervisory authority shall approve bind-
ing corporate rules in accordance with the consistency
mechanism set out in Article 63, provided that they-
Are legally binding and applies to and is enforced
by every member concerned of the group of un-
dertakings, or group of enterprises engaged in a
joint economic activity, including their employees.
Expressly confer enforceable rights on data sub-
jects concerning the processing of their personal
data.

Fulﬁll the requirements by providing details as

mentioned in the binding corporate rules.
2. Binding corporate rules shall speciﬁc details such as -

Structure and contact details of the group of un-

dertakings, or group of enterprises engaged in
joint economic activity and of each of its members.
Data transfers or set of transfers, including the cat-
egories of personal data, type of processing and its
purposes, the type of data subjects affected, and
the identiﬁcation of the third country or countries
in question

68 69
IMPORTANT GDPR COMPLIANCE CHECKLIST

DATA SUBJECT RIGHTS

Article 47 Binding Corporate Rules Legally binding nature, both internally and exter-
nally

Application of the GDPR principles, including pur-

pose limitation, data minimization, limited storage
periods, data quality, data protection by design and
by default, the legal basis for processing, process-
ing of special categories of personal data, mea-
sures to ensure data security, and the require-
ments concerning the onward transfers to bodies
not bound by the binding corporate rules.
Rights of data subjects regarding the processing
and exercising rights, including the right not to be
subject to automated processing, including proﬁl-
ing, right to lodge a complaint with the competent
supervisory authority and before the competent
courts of the Member States in accordance with Ar-
ticle 79, and obtain redress and, where appropriate,
compensation for a breach of the binding corpo-
rate rules.

70 71
IMPORTANT GDPR COMPLIANCE CHECKLIST

DATA SUBJECT RIGHTS

Article 47 Binding Corporate Rules Acceptance by the controller or processor estab-

lished on the territory of a Member State of liability
for any breaches of the binding corporate rules by
any member concerned not established in the
Union. That said, the controller or the processor
shall be exempt from that liability, in whole or in
part, only if it proves that that member is not re-
sponsible for the event giving rise to the damage.

How the information on the binding corporate

rules, in particular on the provisions Application of
the GDPR principles, Rights of data subjects, Ac-
ceptance of liability for any breaches is provided to
the data subjects in addition to Articles 13 which is
information to be provided where personal data
are collected from the data subject 14 which is In-
formation to be provided where personal data have
not been obtained from the data subject.

Tasks of any data protection ofﬁcer designated in

accordance with Article 37 or any other person or
entity in charge of the monitoring compliance with
the binding corporate rules within the group of un-
dertakings, or group of enterprises engaged in a
joint economic activity, as well as monitoring train-
ing and complaint-handling.

72 73
IMPORTANT GDPR COMPLIANCE CHECKLIST

DATA SUBJECT RIGHTS

Article 47 Binding Corporate Rules Complaint procedures

Mechanisms for ensuring the veriﬁcation of com-

pliance with the binding corporate rules mecha-
nisms shall include data protection audits and
methods for ensuring corrective actions to protect
the rights of the data subject.
Mechanisms for reporting and recording changes
to the rules and reporting those changes to the su-
pervisory authority.

Cooperation mechanism with the supervisory au-

thority to ensure compliance by any member of the
group of undertakings, or group of enterprises en-
gaged in a joint economic activity, in particular by
making available to the supervisory authority the
results of veriﬁcations of the measures.

Mechanisms for reporting to the competent super-

visory authority any legal requirements to which a
member of the group of undertakings, or group of
enterprises engaged in a joint economic activity is
subject in a third country likely to have a substan-
tial adverse effect on the guarantees provided by
the binding corporate rules.

74 75
IMPORTANT GDPR COMPLIANCE CHECKLIST

DATA SUBJECT RIGHTS

Article 47 Binding Corporate Rules Appropriate data protection training to personnel

having permanent or regular access to personal
data.

3. Commission may specify the format and procedures

for the exchange of information between controllers,
processors, and supervisory authorities for binding cor-
porate rules.
4. The implementing acts shall be adopted in accor-
dance with the examination procedure set out in Arti-
cle 93

Article 48 Transfers or disclosures not 1. Any judgment of a court or tribunal and any decision
authorized by Union law of an administrative authority of a third country requir-
ing a controller or processor to transfer or disclose per-
sonal data may only be recognized or enforceable if
based on an international agreement, such as a mutual
legal assistance treaty, in force between the requesting
third country and the Union or a Member State, with-
out prejudice to other grounds for transfer.

76 77
IMPORTANT GDPR COMPLIANCE CHECKLIST

DATA SUBJECT RIGHTS

Article 49 Derogations for speciﬁc 1. In the absence of an adequacy decision or of appro-

situations priate safeguards including binding corporate rules as
under Article 45, Article 46, Article 47, a transfer or a set
of transfers of personal data to a third country or an in-
ternational organization shall take place only on one of
the following conditions-
The data subject has explicitly consented to the
proposed transfer, after having been informed of
the possible risks of such transfers due to the ab-
sence of an adequacy decision and appropriate
safeguards.
The transfer is necessary for the performance of a
contract between the data subject and the control-
ler or the implementation of pre-contractual mea-
sures taken at the data subject’s request.

The transfer is necessary for the conclusion or per-

formance of a contract concluded in the interest of
the data subject between the controller and anoth-
er natural or legal person.

The transfer is necessary for important reasons of

public interest.

78 79
IMPORTANT GDPR COMPLIANCE CHECKLIST

DATA SUBJECT RIGHTS

Article 49 Derogations for speciﬁc The transfer is necessary for the establishment, ex-
situations ercise, or defense of legal claims.
The transfer is necessary to protect the interests of
the data subject or of other persons, where the
data subject is physically or legally incapable of
giving consent.

The transfer is made from a register which accord-

ing to Union or Member State law is intended to
provide information to the public and which is
open to consultation either by the public in general
or by any person who can demonstrate a legiti-
mate interest, but only to the extent that the condi-
tions laid down by Union or Member State law for
consultation are fulﬁlled in the particular case.

The transfer could not be based on a provision in

adequacy decision or appropriate safeguards in-
cluding binding corporate rules as under Article 45,
Article 46, Article 47, and none of the derogations
for a speciﬁc situation, the transfer to a third coun-
try or an international organization may take place
only if the transfer is not repetitive, concerns only a
limited number of data subjects, and necessary for
the purposes of compelling legitimate interests by

80 81
IMPORTANT GDPR COMPLIANCE CHECKLIST

DATA SUBJECT RIGHTS

Article 49 Derogations for speciﬁc the controller that does not override the interests
situations or rights and freedoms of the data subject, and the
controller has assessed all the circumstances sur-
rounding the data transfer and has based on that
assessment provided suitable safeguards concern-
ing the protection of personal data.

The controller shall inform the supervisory authori-

ty of the transfer and also provide the information
referred to in Articles 13 and 14, to the data subject
of the transfer and on the compelling legitimate in-
terests pursued.
2. Transfer shall not involve the entirety of the personal
data or entire categories of the personal data con-
tained in the register.
3. In the case where the register is intended for consul-
tation by persons having a legitimate interest, the
transfer shall be made only at the request of those per-
sons or if they are to be the recipients.

4. Transfer of data based on public interest shall be rec-

ognized in Union law or in the law of the Member State
to which the controller is subject.

82 83
IMPORTANT GDPR COMPLIANCE CHECKLIST

DATA SUBJECT RIGHTS

Article 49 Derogations for speciﬁc 5. In the absence of an adequacy decision, Union or

situations Member State law may, for important reasons of public
interest, expressly set limits to the transfer of speciﬁc
categories of personal data to a third country or an in-
ternational organization. Further, this provision shall be
notiﬁed to the commission.

6. Controller or processor shall document the assess-

ment and the suitable safeguards in accordance with
Article 30 of Records of processing activities.

BREACH NOTIFICATION

Article 33 Breach Notiﬁcation to 1. In the case of a personal data breach, the controller
Supervisory Authority & shall without undue delay and, where feasible, not later
Data subject than 72 hours after having become aware of it, notify
the personal data breach to the supervisory authority.

2. Where the notiﬁcation to the supervisory authority is

not made within 72 hours, it shall be accompanied by
reasons for the delay.

3. Processor shall notify the controller without undue

delay after becoming aware of a personal data breach.

84 85
IMPORTANT GDPR COMPLIANCE CHECKLIST

BREACH NOTIFICATION

Article 33 Breach Notiﬁcation to 4. Notiﬁcation must include information that-

Supervisory Authority & Describe the nature of the personal data breach in-
Data subject cluding where possible, the categories and the ap-
proximate number of data subjects concerned and
the categories and the approximate number of
personal data records concerned.
Communicate the name and contact details of the
data protection ofﬁcer or other contact points
where more information can be obtained.
Describe the likely consequences of the personal
data breach.
Describe the measures taken or proposed to be
taken by the controller to address the personal
data breach, including, where appropriate, mea-
sures to mitigate its possible adverse effects.
5. Where, and as far as if not possible to provide the in-
formation at the notifying the breach, the information
may be provided in phases without undue further
delay.
6. Controller shall document any personal data breach-
es, comprising the facts relating to the personal data
breach, its effects, and the remedial action is taken.

86 87
Next Step - GDPR Readiness

Moving forward your organizations should take into account the following steps to ensure GDPR
Compliance readiness before conducting the ﬁnal audit.

Data Awareness
Governance
Classiﬁcation Training

Identify and Determine the Educate employees about Orgainzation must deter-
kind of data that falls in the regulation and its re- mine whether they need to
scope of GDPR. Thereafter quirements. Make them appoint a Data Protection
what sensitive or personal aware of their key respon- Ofﬁcer (DPO) and also
data needs to be protected sibilities and consequences deﬁne roles and responsi-
which also includes keep- of not complying. bilities in terms of identify-
ing a track of who has ing who would be in
access, to those data. charge of managing GDPR.

88 89
Next Step - GDPR Readiness

Moving forward your organizations should take into account the following steps to ensure GDPR
Compliance readiness before conducting the ﬁnal audit.

Integrate Security Policy & Process Review

& Privacy Solution Implementation & Monitor

Implement and integrate Establish policies, proce- Review the implemented

security, privacy by design dures and processes that policies, procedures and
and default in the organi- aids the security and priva- processes and ensure that
zations systems and pro- cy of data and helps in the the organization has priori-
cesses. Integrate software compliance process. tized security and privacy
that aids in the compliance in its overall processes.
process.

90 91
ACTIONABLE
STEPS
TO ACHIEVE GDPR
COMPLIANCE
REGISTER FOR FREE ONE SESSION
OF COMPLIANCE CONSULTATION

https://www.vistainfosec.com/book-free-compliance-consultation/
CONTACT US

US Tel: +1-415-513-5261 | UK Tel: +442081333131

SG Tel: +65-3129-0397 | IN Tel: +91 73045 57744
DUBAI Tel: +971507323723

www.vistainfosec.com

[email protected]

GDPR Gap Analysis PDF
No ratings yet
GDPR Gap Analysis PDF
17 pages
1 - Defradar - GDPR Implementation Guide v2
100% (1)
1 - Defradar - GDPR Implementation Guide v2
18 pages
Privacy 27701 RMISC
No ratings yet
Privacy 27701 RMISC
41 pages
7.2 M GDPR Detailed Gap Assessment Input
No ratings yet
7.2 M GDPR Detailed Gap Assessment Input
1 page
Privacy Intro and Implementation Toolkits (GDPR and ISO 27701)
No ratings yet
Privacy Intro and Implementation Toolkits (GDPR and ISO 27701)
8 pages
GDPR Checklist PDF
50% (2)
GDPR Checklist PDF
4 pages
ISO/IEC 27701 Implementation Guide: Globally
No ratings yet
ISO/IEC 27701 Implementation Guide: Globally
5 pages
List of Documents in The CERTIKIT GDPR Toolkit V2
100% (1)
List of Documents in The CERTIKIT GDPR Toolkit V2
2 pages
Data Protection Impact Assessment Report
100% (1)
Data Protection Impact Assessment Report
22 pages
Understanding The ISO 27001 Framework
100% (2)
Understanding The ISO 27001 Framework
9 pages
GDPR Accountability Checklist - (1p)
100% (1)
GDPR Accountability Checklist - (1p)
1 page
GDPR Audit Checklist
100% (1)
GDPR Audit Checklist
7 pages
CIS Controls v8 Privacy Guide.22.01
100% (1)
CIS Controls v8 Privacy Guide.22.01
84 pages
Auditing Data Protection
No ratings yet
Auditing Data Protection
43 pages
Legend Register of Processing Activities Ropa
100% (1)
Legend Register of Processing Activities Ropa
12 pages
How-to-Audit-GDPR WHP Eng 1018 PDF
No ratings yet
How-to-Audit-GDPR WHP Eng 1018 PDF
17 pages
Policy 5.1.1 Data Protection Policy
No ratings yet
Policy 5.1.1 Data Protection Policy
25 pages
Iso 27001 Vs Nist
No ratings yet
Iso 27001 Vs Nist
7 pages
Dpia Iot
100% (1)
Dpia Iot
50 pages
Data Protection Audit Manual - (173p)
No ratings yet
Data Protection Audit Manual - (173p)
173 pages
DPIA Guidance V5
No ratings yet
DPIA Guidance V5
8 pages
SCF Security & Privacy Capability Maturity Model Overview
100% (3)
SCF Security & Privacy Capability Maturity Model Overview
14 pages
Hipaa and Hitech Act: Compliance Guide
No ratings yet
Hipaa and Hitech Act: Compliance Guide
28 pages
Eu GDPR
100% (1)
Eu GDPR
11 pages
Information Security and Data Protection 1697064018
No ratings yet
Information Security and Data Protection 1697064018
2 pages
Brexit Data Protection Flowchart
No ratings yet
Brexit Data Protection Flowchart
20 pages
Privacy Information Management With ISO 27701: Who Should Implement ISO 27701?
No ratings yet
Privacy Information Management With ISO 27701: Who Should Implement ISO 27701?
17 pages
ISO27701 and GDPR Gaps and Overlaps
No ratings yet
ISO27701 and GDPR Gaps and Overlaps
13 pages
Using RACI Charts For GDPR Implementation
100% (2)
Using RACI Charts For GDPR Implementation
15 pages
Privacy Frameworks 1 3 1690900933
No ratings yet
Privacy Frameworks 1 3 1690900933
2 pages
GDPR Awareness
100% (2)
GDPR Awareness
25 pages
Data Subject Rights Request Guide
No ratings yet
Data Subject Rights Request Guide
15 pages
Demystifying The General Data Protection Regulation (GDPR)
100% (3)
Demystifying The General Data Protection Regulation (GDPR)
29 pages
NOREA Privacy Control Framework v1.0
100% (1)
NOREA Privacy Control Framework v1.0
68 pages
CIPM Exam - Page 6 - ExamTopics
No ratings yet
CIPM Exam - Page 6 - ExamTopics
10 pages
DPDP For CISO
No ratings yet
DPDP For CISO
59 pages
Thrive GDPR Audit Template
No ratings yet
Thrive GDPR Audit Template
2 pages
Privacy Toolkit (GDPR+ISO 27001)
100% (3)
Privacy Toolkit (GDPR+ISO 27001)
11 pages
ISO27k GDPR Mapping Release 1
100% (1)
ISO27k GDPR Mapping Release 1
19 pages
Guide To Data Protection Impact Assessments 14 Sep 2021
100% (3)
Guide To Data Protection Impact Assessments 14 Sep 2021
36 pages
ISO 27701 Whitepaper
No ratings yet
ISO 27701 Whitepaper
30 pages
It GDPR RACI Chart
No ratings yet
It GDPR RACI Chart
9 pages
Data Protection and Management Training For Champions
0% (1)
Data Protection and Management Training For Champions
5 pages
Getting Ready For GDPR Compliance
No ratings yet
Getting Ready For GDPR Compliance
10 pages
ISO27k Information Asset Inventory v3
No ratings yet
ISO27k Information Asset Inventory v3
3 pages
Draft DPDP Bill
No ratings yet
Draft DPDP Bill
38 pages
Accountability Roadmap For Demonstrable GDPR Compliance PDF
No ratings yet
Accountability Roadmap For Demonstrable GDPR Compliance PDF
70 pages
GDPR and ISO 27001 Infographic
No ratings yet
GDPR and ISO 27001 Infographic
1 page
Dpo Requirements by Country
100% (1)
Dpo Requirements by Country
11 pages
5.data Protection Impact Assessment
No ratings yet
5.data Protection Impact Assessment
19 pages
NIST 800 171 Compliance Scoping Guide
No ratings yet
NIST 800 171 Compliance Scoping Guide
84 pages
GDPR - Skillcast Presentation Template
100% (1)
GDPR - Skillcast Presentation Template
23 pages
ISMS - Sample Apex Manual
No ratings yet
ISMS - Sample Apex Manual
6 pages
Data Privacy Checklist
No ratings yet
Data Privacy Checklist
12 pages
Data Protection Impact Assessment Policy
No ratings yet
Data Protection Impact Assessment Policy
29 pages
GDPR and PIMS Overview
100% (2)
GDPR and PIMS Overview
47 pages
GDPR Compliance Checklist - GDPR - Eu
No ratings yet
GDPR Compliance Checklist - GDPR - Eu
4 pages
Malwarebytes GDPR Quick Start Guide
No ratings yet
Malwarebytes GDPR Quick Start Guide
12 pages
GDPR Checklist PDF PDF
100% (1)
GDPR Checklist PDF PDF
4 pages
The Ceos Guide To GDPR Compliance
No ratings yet
The Ceos Guide To GDPR Compliance
62 pages
The Blue Print in Action - Our Code of Conduct - 2016 - 04 PDF
No ratings yet
The Blue Print in Action - Our Code of Conduct - 2016 - 04 PDF
21 pages
ITRM Final Exam
No ratings yet
ITRM Final Exam
7 pages
CueTrans IVMS
No ratings yet
CueTrans IVMS
4 pages
Problem Solving NRB Officer
No ratings yet
Problem Solving NRB Officer
10 pages
Is 15793 (2007)
No ratings yet
Is 15793 (2007)
2 pages
Standards and Technical Regulations and Firms in Developing Countries: New Evidence From A World Bank Technical Barriers To Trade Survey
No ratings yet
Standards and Technical Regulations and Firms in Developing Countries: New Evidence From A World Bank Technical Barriers To Trade Survey
55 pages
EN To ED Decision 2019-022-R
No ratings yet
EN To ED Decision 2019-022-R
14 pages
Annual Report: Orc Hse Strategies
No ratings yet
Annual Report: Orc Hse Strategies
14 pages
UserGuide4 0
No ratings yet
UserGuide4 0
102 pages
POJK 3 2023 Implementation of Financial Sector Technology Innovation
No ratings yet
POJK 3 2023 Implementation of Financial Sector Technology Innovation
31 pages
Manage Finance
100% (2)
Manage Finance
11 pages
GFH-QA-SPE-00006 - B01 Hazardous Area Ex Compliance - Quality Services Providers Requirements
No ratings yet
GFH-QA-SPE-00006 - B01 Hazardous Area Ex Compliance - Quality Services Providers Requirements
60 pages
Anm 01 03 (A) Final
No ratings yet
Anm 01 03 (A) Final
58 pages
Nidhi 5
No ratings yet
Nidhi 5
2 pages
Grade 12 Controlled Test Term 3 Year 2025 Marking Guidelines
No ratings yet
Grade 12 Controlled Test Term 3 Year 2025 Marking Guidelines
25 pages
Senior Procurement Manager
No ratings yet
Senior Procurement Manager
4 pages
Anti Bribery and Corruption
No ratings yet
Anti Bribery and Corruption
8 pages
Parklea Correctional Centre (MTC Australia) Inmate Access To Records and Documents
No ratings yet
Parklea Correctional Centre (MTC Australia) Inmate Access To Records and Documents
7 pages
Defcon 076
No ratings yet
Defcon 076
5 pages
R & D Report Sample PDF
No ratings yet
R & D Report Sample PDF
43 pages
Accountants
No ratings yet
Accountants
30 pages
ISO 90012015 Clause 4 Context of The Organization
No ratings yet
ISO 90012015 Clause 4 Context of The Organization
23 pages
Bacc432 - Accounting Information Systems Assignment 1 2024
No ratings yet
Bacc432 - Accounting Information Systems Assignment 1 2024
18 pages
RE5 WORKBOOK v3 FEB 2019
No ratings yet
RE5 WORKBOOK v3 FEB 2019
64 pages
Mohammad ZahidHussain CV
No ratings yet
Mohammad ZahidHussain CV
3 pages
Here Is My Attached CV.
No ratings yet
Here Is My Attached CV.
2 pages
Company Profile PDF
No ratings yet
Company Profile PDF
77 pages
HB 323-2007 Employment Screening Handbook
No ratings yet
HB 323-2007 Employment Screening Handbook
10 pages
Research Policy-Shivaji University
No ratings yet
Research Policy-Shivaji University
27 pages
Sample Data - Not For Operational Use: 3Rd Edition, October 2019
0% (1)
Sample Data - Not For Operational Use: 3Rd Edition, October 2019
15 pages