It is a requirement of the Data Protection Act (2018) and the General Data Protection Regulation (GDPR) that all personal data has a legal basis for being shared. The GDPR requires that this is documented under the principle of accountability. This document must be made available to the Information Commissioner’s Office (ICO) – the regulator for data protection – on request.
Having a record not only fulfils legal data processing requirements, but also helps with subject access requests – it’s easier to source data when you know where it’s kept – and the information recorded will also form the basis of your privacy notice.
Download and read this helpful PDF to learn how to document your data processing.Back to Resources