"In this two part series on creating data protection policies, Ann Bevitt, Partner at Cooley LLP, looks at the changes that will need to be made to internal-facing policies.
Many organisations already have a raft of policies and procedures dealing with data protection. These will need to be updated to ensure compliance with the requirements of the EU General Data Protection Regulation 2016/279 ('GDPR'). In addition, companies will be required to create policies to implement new obligations and rights introduced by the GDPR, such as the right to be forgotten and the right to data portability."
Read the article