The controller must have an overview and insight into everything for which he is responsible and liable. The GDPR even obliges this. The duty to report that the controller must comply with without delay requires that the controller has properly prepared. This means that not only the processing must be documented, but even more that insight will arise into processes, information systems, corporate family, data storage, security and transport systems. To this end, it is important that the controller maintains a privacy administration, supported by good processes, such that the administration is documented by irrefutable evidence and evidence-based compliance. Participants gain insight into the importance of setting up and maintaining an adequate privacy administration in order to comply with the documentation obligation, provide insight into the technical security obligation and be prepared for the notification obligation.