You are expected to put into place measures/tools to show compliance.
Implement appropriate technical and organisational measures that ensure and demonstrate that you comply. This may include internal data protection policies such as staff training, internal audits of processing activities, and reviews of internal HR policies; maintain relevant documentation on processing activities; where appropriate, appoint a data protection officer; implement measures that meet the principles of data protection by design and data protection by default. Measures could include: data minimisation; pseudonymisation; transparency; allowing individuals to monitor processing; and creating and improving security features on an ongoing basis.
Use data protection impact assessments where appropriate.
Looking for Privacy Notice Help?