Answer yes if your organisation has a Data Protection Policy that has been reviewed in the last year. Please upload your Data Protection Policy (as a PDF file) as evidence.
GDPR contains explicit provisions about documenting your processing activities.
A useful guide on the documentation required under GDPR was published by the ICO and can be found here.
Risk Ledger have created a Data Protection Policy template that can be taken and adapted to suit your organisation. The template policy for a small organisation can be requested at firstname.lastname@example.org.
If you would like to contribute to this article or provide feedback, please email email@example.com. Contributors will be recognised on our contributors page.