Once the analysis of the data being processed has been carried out, the most appropriate measures for the processing must be chosen and the way in which they are to be applied must be decided. The AEPD provides a series of guides with measures aimed at demonstrating compliance with the regulations, such as, for example, carrying out an impact assessment, appointing a Data Protection Delegate or notifying security breaches, among others.
Regardless of which measures have been chosen, the most important thing is that they have been implemented correctly and are the most suitable for the processing.
Secondly, the measures chosen will have to be reviewed and updated periodically, and whenever there is any significant change in the organization. This minimizes the risk of non-compliance with the Regulation and enhances the application of the principle of proactive accountability.
Finally, evidence of the measures implemented should be collected as proof that the principle of proactive responsibility is being complied with.