Watch your applications!
We have many applications to share messages and data within your organization. This usually concerns free software for storing or sending information online. Good examples are WhatsApp, Dropbox and Skype. It is important to consider where all this information actually goes because of the GDPR. If you provide data to these authorities by means of transmission or storage, you must conclude a processing agreement with these companies. It is also important to check where the data is stored. Namely whether they will still stay in the EEA or maybe go to the United States. If they go to the States, you must check whether the company is part of the so-called Privacy Shield program, this is a kind of EU-US cooperation program in which it is demonstrated that data can be exchanged in a secure manner in which the EU privacy legislation can be complied with.
It is also useful to read the user agreements and privacy conditions of those parties about their policy for data recovery, for example. In the event that data is lost, you are responsible because you have not taken proper technical measures to secure the data. Dropbox, for example, has settings that make synchronizing data between devices very convenient, but at the same time placing / removing a wrong check mark somewhere can erase all data from all locations. So be very careful when using these kinds of solutions.