Meant for small and medium enterprises, a draft GDPR code of conduct for Data Processors has been submitted for approval in the Netherlands.

It contains detailed requirements for data processor compliance including:

  • Documented data protection plan
  • Information security management system based on a recognized standard
  • At least annual evaluation of your privacy and information security framework
  • Store client data separately from other clients
  • Render data inaccessible within no more than three months after client agreement ends

Read a detailed analysis with useful takeaways.