<<organisation name>> will set up a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing of personal data. The review of policies and procedures will:

• Check to see if any compliance obligations and responsibilities have changed since the last review
• Determine whether the organisation has implemented compliant policies and procedures to manage the processing of personal data
• Confirm that all supporting information and justification is documented and still valid
• Ensure activities required of employees are being carried out in accordance with such policies and procedures.
• Update all other operational policies to ensure compliance with data protection activities.
• Ensure that privacy notices and consents are reviewed on a periodic basis to ensure compliance with the regulation