Establish risk reporting structure

Data protection officer should assist the organization to establish an enterprise risk management framework with reporting mechanisms (i.e. regular risk reporting and internal audit) as part of their data protection measures.

The DPO should ensure there is regular reporting of data protection measures to the management to get their support, direction and feedback. Organizations may wish to develop reporting processes and frequency (e.g. every quarter or annually) for various feedback mechanisms from the working level to Senior Management.