Meant for small and medium enterprises, a draft GDPR code of conduct for Data Processors has been submitted for approval in the Netherlands.
It contains detailed requirements for data processor compliance including:
- Documented data protection plan
- Information security management system based on a recognized standard
- At least annual evaluation of your privacy and information security framework
- Store client data separately from other clients
- Render data inaccessible within no more than three months after client agreement ends