Here we have tried to summarise the documentation you should have and some things you may have not considered before when it comes to the new regulation – where your data can hide! This page will grow over time as we continue to learn so be sure to check back often.
Recommended Documentation
Data Protection Policy
Removeable Media Register
Subject Access Request Procedure
Subject Access Request Form
Retention and Disposal Policy
Remote Working Policy and Register
Information Security Policy
Access Control Policy
Data Breech Procedure
Computer Use Policy
Privacy Policy
Processing Activities Register
Disaster Recovery Plan (with a copy kept off site)
Assett Register
Hiding places for your Data
Payroll – If you keep next of kin information or emergency contact details, you need to have their consent to hold this information.
Accounts – Remove old/inactive accounts and purge data so only 7 years is kept. Perhaps consider archive companies and old backup files.
Paper – Paper documents are covered under GDPR – can you shred them? (You must use a cross cut shredder.) Your filing system/cabinet must be secure so there is no unauthorised access to your paper files.
Printers – If you print sensitive information (i.e. payslips), can someone get to the printer before you do?