Management and Oversight

Governance and oversight for personal data handling.

A1Strategy and Governance: Design, develop, and maintain policies and controls for protecting personal data that comply with relevant regulations and laws, and that align with the organization's business model and objectives.
A2Supplier Management: Select suppliers that are committed to observing the organization's personal data protection obligations, and manage supplier compliance with them.
A3Monitoring, Reporting, and Enforcement: Establish appropriate measures for monitoring and reporting of non-compliance with personal data protection policies and of the remedial actions taken. Drive improvements based on lessons learned from incidents and near-incidents.