A number of businesses have reported that they have experienced supervisory visits. The feedback I have received is that the supervisory bodies were interested in:
1. Looking at the result of the organisations DPIA (Data Protection Impact Assessment)
2.
Hot focus on:
* How firms are dealing with DSARS (Data Subject Access Requests) and if they are able to scale
* Checking that the organisation is a 'controller' or a 'processor'
* Can the business demonstrate 'privacy-by-design'. Expect RFP/RFIs to request this information
* Are 'big-data-analytics' factoring in security/privacy
