1. Deletion/rectification of all copies (that includes backups!) of personal data on demand. We currently are not sure where (in which systems) we store all that data, not to mention adding features to delete/update all data on request in each of those systems.
2. The requirement to complete description of all processes within the bank which touch personal data. That involves creating a fuckton of documentation, a lot of it for systems where required knowledge is missing (i.e. no one is quite sure how they actually work).
1. Deletion/rectification of all copies (that includes backups!) of personal data on demand. We currently are not sure where (in which systems) we store all that data, not to mention adding features to delete/update all data on request in each of those systems.
2. The requirement to complete description of all processes within the bank which touch personal data. That involves creating a fuckton of documentation, a lot of it for systems where required knowledge is missing (i.e. no one is quite sure how they actually work).