Using Method Grid, we’ve created a simple-to-follow example GDPR process and procedure grid. This grid lays out a complete end-to-end GDPR methodology for auditing your organization and documenting your GDPR process.
Who might this be useful for?
The General Data Protection Regulation (GDPR) concerning data protection and privacy is relevant to all organizations working within/to the European Union and the European Economic Area.
How is it best used?
This grid can serve as a reference home for an organisation’s set of documented GDPR processes and records. It gives staff an easy-to-access reference site (to facilitate consistent GDPR-compliant practices) and ensures that any audit sees a structured, end-to-end system in place.
With this grid (tailored to your specifics – and regularly updated), if you get a GDPR question from a customer – or a request from your lead data protection supervisory authority – you, and your team, can deal with it in minutes.
What does it consist of?
This grid lays out a complete end-to-end GDPR methodology for:
- Auditing your business for GDPR compliance – questions to ask and information to capture
- Capturing and storing the personal data you process
- Documenting the purpose of this data and your legal basis for processing it
- Auditing and documenting where you hold this data – internal and external data processors
- Noting who controls this data – internal and external data controllers