2.3 Implementation

TPOmap supports the implementation phase of a Privacy Management Program in the following ways:

2.3.1 Documentation and storage of compliance measures applied to specific data processing activities

To implement the policies/tools designed during the design phase, a proper Data Protection governance in terms of roles of each stakeholder should also be set up (see below for further information 2.5).

As a result, members of the Privacy Team should work together in order to implement the compliance tools created during the Design Phase at the level of the specific processing activities by customizing them to the relevant processing related facts documented in the record of processing activities (ex. adjust the employee notice template to the employee related processing activities, send a completed Controller Processor Agreement to all data recipients qualifying as data processors etc.).

All compliance documentation generated as a result of these efforts can be centrally saved in the TPOmap Documentation Center in a specific folder managed by the Data Protection Officer or Data Protection Manager and the Privacy Team.

2.3.2 Creation of lists of information that support the implementation of compliance measures

To facilitate the implementation of compliance measures, TPOmap automatically creates lists that support the implementation of compliance measures such as:

• List of processors with whom a Controller-Processor Agreement is not yet in place
• List of joint controllers with whom a Joint Controller Arrangement is not yet in place
• Overviews of security gaps
• List of high-risk processing activities for which a DPIA has been/ has not yet been performed etc.