Network Trace
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

06) Does your organisation maintain a record of all personal data collection & processing activities?

August 30, 2022

Answer yes if you document your personal data processing activities. This could be through data flow diagrams or written documentation and should include details of collection, purpose, storage, access, use, sharing, and retention. Please describe how you do this in the notes.

If your organisation must comply with the EU General Data Protection Regulation or the UK's Data Protection Act 2018, you must maintain records of your personal data processing activities, including details such as processing purposes, data sharing and retention.

Your documentation can be in whatever format suits your organisation, but you must ensure it meets the requirements outlined the data protection regulation relevant to you.

We recommend you read the ICO's guidance on documentation which outlines best practise and can be applied to any jurisdiction.

How to implement the control

A useful guide for record keeping and documentation for personal data collection and processing activities was published by the ICO and can be found here. This includes checklists for what your documentation should include and templates for both controllers and processors.

If you would like to contribute to this article or provide feedback, please email Contributors will be recognised on our contributors page.

Pattern Trapezoid Mesh

Defend against supply chain attacks with Defend-As-One.

No organisation is an island.