The proper documentation constitutes the pillar of the personal data protection system.

Documentation allows to:

  • define the rules for the processing of personal data;
  • implement the procedures of protection of personal data;
  • instruct employees and co-workers on how to proceed with personal data.

Without proper documentation it is almost impossible to:

  • organize the processing of personal data in lawfull manner;
  • enforce lawfull processing of personal data from employees and co-workers;
  • properly secure processed personal data;
  • prove lawfull processing of personal data.

GDPR documentation prepared by us may contain particularly:

  • a template of the record of processing activities (a mandatory document for almost every administrator);
  • a template of the record of all categories of processing activities carried out on behalf of the controller (a mandatory document for almost every processor);
  • a template of the record of personal data violations (mandatory document);
  • personal data protection policy with annexes (a document that is not formally mandatory, without which however it is difficult to demonstrate the lawful processing of personal data);
  • a template of agreement on entrusting of personal data for processing, compliant with art. 28 of GDPR;
  • agreement on joint-controlling of personal data;

...whereas the subject of individual arrangements with the Client is always to determine the scope of the documentation prepared by us and the scope of the documentation prepared by the Client himself.

Paweł Borek, attorney at law | Krzysztof Doliński, attorney at law

GDPR | Legal Office in Poznan