The GDPR requires that you understand:
- What personal data you hold
- How it is used
- How long it is stored
- How secure it is
- How and why it is processed
- Who has access to it
- Where it is controlled and where it is processed
- How long it is retained
- How accurate it is
- What permission you have to hold and process it in the ways that you do
- What processes you have to support the rights of data subjects
- And your process for breach detection and response
You are also required to maintain an inventory of personal data against which you assess the impact of a breach upon the data subject.
UKGDPR can create a plan of how you can approach this exercise in a way that works for your business. We can help you identify the best outcome in the most cost-effective way, pulling together the information you already have and building on it to create a comprehensive set of Article 30 compliant documentation. We can build your documentation base using standard Microsoft Office tools with our custom templates, or we can implement a OneTrust compliance system to create a central interactive system of record. Whichever option works best for you, we provide you with all the tools and templates to make a comprehensive system.