Meant for small and medium enterprises, a draft GDPR code of conduct for Data Processors has been submitted for approval in the Netherlands.

It contains detailed requirements for data processor compliance including:

  • Documented data protection plan
  • Information security management system based on a recognized standard
  • At least annual evaluation of your privacy and information security