This video is normally available to paying customers.
You may unlock this video for FREE. Enter your email address for instant access AND to receive ongoing updates and special discounts related to this topic.
The General Data Protection Regulation (GDPR) has introduced changes to the principles governing data processing, notably expanding individuals' rights and introducing separate provisions for international transfers.
The GDPR principles serve as the cornerstone for compliance, and understanding and adhering to them are crucial to avoid potential substantial fines.
Before making any decisions regarding data processing, it's essential to refer to the GDPR principles and consider the perspective of the data subject.
Whether formal documentation of processing activities under GDPR is necessary depends on the size of the organisation and its processing activities. While many small businesses may not be obligated to do so, it's advisable to verify this information on the Information Commissioner's website.
In our experience, creating a mapping document detailing the types of data processed, its source, purpose of processing, lawful basis, retention period, and sharing details has been instrumental in ensuring compliance and facilitating data review.
A downloadable spreadsheet to assist in creating a data inventory is available in our download area, alongside checklists and other valuable resources.
