We are frequently asked about the level of detail required in our document
packs. Our document packs can include up to 40 documents! Don’t panic – many of
these documents are templates and require little work, however a few do require
significant input.
Often the document that causes most concern is the Privacy Statement – this is
key but, maybe surprisingly, not the most difficult. In our experience the trickiest
documents are the Processing Activity Register and Information Audit
documents – these simply describe the data your company collects, processes
and stores. GDPR does allow small companies a limited dispensation and you
may not need to document all your processing activities – however we
recommend you do. Not just to make more work but as a way of documenting
the data you hold and review where, how, and for how long you store that data.
This also encourages you to consider which lawful basis you are assuming. This
might seem like more work but is definitely worth it and this will inform many of
the subsequent documents.
So, take the Processing Activities Register and complete this – then complete the
Information Audit template, the Information Classification policy and Data
Retention/Erasure document. This set of documents will prove invaluable!
Back to the question. How much detail? GDPR doesn’t specify the level of
detail you need to include in the data definition stages. There is no right or
wrong way. The level of detail depends on the nature of your business and the
data you collect. For example – if you collect data to send newsletters you could
Specify:
Process: Send newsletter
Data: Contact details
Retention policy: 3 years then delete
However, you might take bookings for a private doctor you would need to
collect more data. In this case you would need to be very explicit and describe all
the data you collect plus how you collect, where you store, how you store, and
how long you keep. In this case you will have to be very specific about how you
store to take account of the sensitive nature of the data.
So, to finally answer the question of “How much do I need to store?”… it depends!
Take a look at the templates and feel free to call us anytime.
Good luck all!