Other Documentation

The GDPR contains specific requirements for your documentation.You will need to keep records of a number of things related to data protection. The ICO recommends that you keep these records electronically.


Here is a list of the kinds of things you should be documenting:


  • What kind of data you gather from Data Subjects

  • How you store this data

  • Who has access to it, why and how

  • Third parties with whom you share data

  • How long you keep data for (Data Retention Policy)

  • What safeguards you have in place (Information Security Policy)

  • How you handle Special Category Data

  • Any breaches which may occur

  • Records of consent

  • Information necessary for your Privacy Policy/Notice

  • Contracts with Data Processors


The ICO has a comprehensive checklist here.


Terms and Conditions | Our Privacy Policy | Disclaimer