Documentation

Under the General Data Protection Regulation [‘GDPR’] organisations must be able to prove that they are compliant with the six data protection principles. 

This is known as ‘accountability’.

Organisations also have to comply with the regulation as a whole.

You will need to have in place suitable organisational policies and procedures.  Every organisation should have a general data protection and an information security policy at least.

Other matters to consider [the list is not exhaustive] and to document might be:

Privacy notices to give to employees/ customers;

Procedures for dealing with requests by people to exercise rights e.g. subject access;

Your approach to the sharing of information and data sharing agreements;

Your approach to tele- working (outside of the office);

Classification of documents/ access control;

Encryption policy;

Password policy ;

Proper disposal/ erasure of information/hardware;

Data breach procedures;

For further information please contact us.