The controller must scan the situation in the organization, which includes mapping the movement of personal data (determines the categories of personal data that are processed, whether special categories of personal data are processed, as well as the legality, transparency and purposes of the processing of personal data , transfer of personal data, etc.).

To be transparent, the controller should establish a privacy policy. In some cases, the controller needs to keep records of the processing of personal data. Also, he must ensure the realization of the rights of the subjects of personal data.

More information on the general obligations of the controller is provided in the information sheet ” 10 QUICK STEPS FOR COMPLIANCE WITH THE LAW ON THE PROTECTION OF PERSONAL DATA “, published on the AZLP website.