In addition, the Regulation stipulates that the controller has to demonstrate his compliance with data protection principles, given that the data subject does not always have the knowledge and means to control the processing of his data. (Intersoft Consulting, n.d.)
The Regulation stipulates that if a company carries out systematic and regular data processing on a large scale, it must appoint a data protection officer. The Regulation also stipulates that the appointment of a data protection officer is not mandatory in all cases, in other cases the appointment may be made at the discretion of the company. A data protection specialist is a person who can help a company to streamline data processing processes - review cooperation agreements, prepare assessments or a data processing register. The data protection specialist can be either an employee of the company or outsourced. The specialist should be independent of business decisions. (Asaolu, 2020)
Along with the GDPR, companies must also keep in mind other current regulations. For example, in the financial field, one of these is the requirements of the Law on the Prevention of Money Laundering and Terrorist Financing or AML / KYC, as well as the regulation of the Second Payment Services Directive or PSD2. (FKTK, 2020) There are also other methods and proposals for data protection and privacy, such as SOLID. The idea of SOLID is that your data is stored in a container, and you determine when someone is granted access to your data, who collects the data, and this access right can also be revoked. This way, you control access to your data yourself. (Miller, 2020)
…