Documentation is an integral part of your GDPR compliance. It shows how your organisation will deal with personal data. The GDPR provisions promote accountability and governance which compliment the GDPR’s transparency requirements.
As part of the requirements of GDPR you are expected to put in place comprehensive but proportionate governance measures which act to minimise the risk of data breaches and uphold the protection of personal data. Practically, this will involve the necessity to ensure that the right policies and procedures are implemented and complied with.
Compiling policies and procedures to demonstrate compliance with the GDPR can be time-consuming and challenging, however, the accountability principle in Article 5(2) requires you to demonstrate that you comply with the principles and states explicitly that this is your responsibility.
Infinite Law can help you by drafting and maintaining all the documentation your organisation will need to ensure you meet the requirements of GDPR and have the evidence to support your compliance should the Information Commissioner have any cause to investigate.
Infinite Law will:
- Draft/update governance policies.
- Evaluate and update employment contracts, employee handbooks and privacy notices.
- Evaluate and update consent statements used to collect personal information.
- Draft/update policies/privacy notices relating to: data protection, document retention, records management, information security, data breaches, subject access requests, bring your own device, social media website privacy, cookies etc.
- Review and update data processing contracts, information sharing protocols and data disclosure agreements and provide a managed update/negotiation service.
- Provide Data Protection Impact Assessment templates
- Provide any other templates required.