It must be ensured that the developed ADFs are compliant with the data protection regulations that apply in the respective countries.
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) applies within all member states of the European Union (EU) and the European Economic Area (EEA), and also to organizations outside the EU/EEA if they process personal data of individuals located in the EU/EEA.
The GDPR establishes the principle of accountability, meaning that organizations must not only comply with data protection principles but also be able to demonstrate that compliance. Senior management is expected to lead by example and ensure that appropriate governance, policies, and resources are in place across all levels of the organization.
Main Question
Is responsibility for complying with the GDPR assumed and assured at the highest management level and promoted throughout the organization, including raising awareness among all employees developing ADFs?
Sub-Questions
- Is evidence of the steps taken to comply with the GDPR available?
- Is data protection documentation, such as an information security/data protection checklist, available?
- Is there a valid data protection concept, and is it being applied?
References
- General Data Protection Regulation (EU) 2016/679. Available at: https://gdpr-info.eu/ (Accessed: 09 December 2025)