Controllers must implement appropriate technical and organisational measures and procedures to ensure that processing safeguards the rights of the data subject by design.

There are a few key steps if a business did not want to embark on a full review and overhaul just yet: (i) minimise data collected; (ii) do not retain that data beyond its original purpose; and, (iii) give the data subject access and ownership of that data.

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Ut elit tellus, luctus nec ullamcorper mattis, pulvinar dapibus leo.