Manage requests by data subjects to access their personal data held by the organization (including the purposes for which it is held and to whom it may be disclosed), and to rectify or erase inaccurate data. Check that the communication channels and agents are authorized by the data subject.
Complete job and business process designs to identify the required roles for personal data protection tasks, and assign employees with the requisite knowledge and experience to the identified roles. Define and allocate the associated personal data protection responsibilities and accountabilities.
Establish and make available a personal data protection training curriculum and other employee developmental mechanisms to ensure employees have the required skills and competences.
Establish a personal data protection-aware culture. Inform stakeholders of key developments to build a shared understanding of how they can contribute to the realization of personal data protection objectives.