Is the personal information you hold adequate, relevant and not excessive? How do you know Are your current processes and checks sufficient? If required to demonstrate compliance, how would you do it?
