Get Free Downloads
Start your GDPR today in just a few clicks
      
Download Now
CLICK FOR FREE GDPR SCAN
Get Free Downloads
Start your GDPR today in just a few clicks
Download Now
CLICK FOR FREE GDPR SCAN

GDPR Info. How much detail do I need to provide?

Tagged with gdpr, ico, data, free, freeadvice, gdprtemplate, easygdpr, gdprfree,
by Adam Brogden
in Blog
27-Mar-2018 12:43

We are frequently asked about the level of detail required in our document packs. Our document packs can include up to 40 documents! Don’t panic – many of these documents are templates and require little work, however a few do require significant input.

Often the document that causes most concern is the Privacy Statement – this is key but, maybe surprisingly, not the most difficult. In our experience the trickiest documents are the Processing Activity Register and Information Audit documents – these simply describe the data your company collects, processes and stores. GDPR does allow small companies a limited dispensation and you may not need to document all your processing activities – however we recommend you do. Not just to make more work but as a way of documenting the data you hold and review where, how, and for how long you store that data. This also encourages you to consider which lawful basis you are assuming. This might seem like more work but is definitely worth it and this will inform many of the subsequent documents.

So, take the Processing Activities Register and complete this – then complete the Information Audit template, the Information Classification policy and Data Retention/Erasure document. This set of documents will prove invaluable!

Back to the question. How much detail? GDPR doesn’t specify the level of detail you need to include in the data definition stages. There is no right or wrong way. The level of detail depends on the nature of your business and the data you collect. For example – if you collect data to send newsletters you could Specify:

Process: Send newsletter
Data: Contact details
Retention policy: 3 years then delete

However, you might take bookings for a private doctor you would need to collect more data. In this case you would need to be very explicit and describe all the data you collect plus how you collect, where you store, how you store, and how long you keep. In this case you will have to be very specific about how you store to take account of the sensitive nature of the data.

So, to finally answer the question of “How much do I need to store?”… it depends!

Take a look at the templates and feel free to call us anytime.

Good luck all!