Develop Necessary Documentation for GDPR Compliance


A quick reference guide for retention, privacy, cookies, and the data protection officer role.

If you're already a member, click here to log in.

Major Business Pain Points

  • It can be an overwhelming challenge to understand what documentation is required under the GDPR.
Develop Necessary Documentation for GDPR Compliance-Pain Points

Recommendations

Key Points

  • Hiring the right data protection officer (DPO) isn’t always easy. The person you think might be best may result in a conflict of interest. Be aware of all requirements and be objective when hiring for this role.
  • Keep retention to the bare minimum. Limiting the amount of data you are responsible for limits your liability for protecting it.
  • Under the GDPR, cookies constitute personal data. They require a standalone policy, separate from the privacy policy. Ensure pop-up cookie notification banners require active consent and give users the clear opportunity to reject them.

Approach

Develop Necessary Documentation for GDPR Compliance-Recommendations
  • Save time developing documents by leveraging ready-to-go templates for the DPO job description, retention documents, privacy notice, and cookie policy.
  • Establishing GDPR-compliance documentation will set the foundation for an overall compliant program.

Methodology and Tools

1. Hire a data protection officer

Understand the need for a DPO and what qualities to look for in a strong candidate.

  • Develop Necessary Documentation for GDPR Compliance - Storyboard
  • Data Protection Officer Job Description Template

2. Define retention requirements

Understand your data retention requirements under the GDPR. Develop the necessary documentation.

  • Data Retention Policy Template
  • Data Retention Schedule Tool – GDPR

3. Develop privacy and cookie policies

Understand your website or application’s GDPR requirements to inform users on how you process their personal data and how cookies are used. Develop the necessary documentation.

  • Privacy Notice Template – External Facing
  • Cookie Policy Template – External Facing

All resources on this page are provided to Cyber Leadership Hub members under license from third parties including Info-Tech Research Group Inc, a global leader in providing IT research and advice.