03) Does your organisation have an up-to-date Data Protection Policy?
GDPR Data Protection Policy
Written by Haydn Brooks
Created on March 18, 2019
Modified on September 16, 2019

Answer yes if your organisation has a Data Protection Policy that has been reviewed in the last year. Please upload your Data Protection Policy (as a PDF file) as evidence.

GDPR contains explicit provisions about documenting your processing activities.

How to implement the control:
A useful guide on the documentation required under GDPR was published by the ICO and can be found [here](https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/documentation/ Ri "GDPR Documentation"). Risk Ledger have created a Data Protection Policy template that can be taken and adapted to suit your organisation. The template policy for a small organisation can be requested at info@riskledger.com.

If you would like to contribute to this article or provide feedback, please email knowledge@riskledger.com. Contributors will be recognised on our contributors page.