Under the General Data Protection Regulation [‘GDPR’] organisations must be able to prove that they are compliant with the six data protection principles.
This is known as ‘accountability’.
Organisations also have to comply with the regulation as a whole.
You will need to have in place suitable organisational policies and procedures. Every organisation should have a general data protection and an information security policy at least.
Other matters to consider and document [the list is not exhaustive] include:
Privacy notices to give to employees/customers;
Procedures for dealing with requests by people to exercise rights, e.g. subject access;
Your approach to the sharing of information and data sharing agreements;
Your approach to teleworking (outside of the office);
Classification of documents/access control;
Password policy;
Proper disposal/erasure of information/hardware;
Data breach procedures;
For further information please contact us.