Chapter 13

Writing Other Documents

IN THIS CHAPTER

Bullet Documenting that you have assessed potential risk

Bullet Recording and responding to Data Subject Access Requests

Bullet Keeping track of data breaches

Bullet Writing policies for data protection and retention

Bullet Informing job candidates and employees of privacy issues

The previous chapters in this part of the book explore various documents that you’ll want to create (or that you must create) to stay compliant with the GDPR. As part of that compliance, you need to produce certain other documents, as set out in this chapter.

Data Protection Impact Assessments

A Data Protection Impact Assessment (DPIA) is required when you’re carrying out processing that is likely to result in a high risk to data subjects. For more detail on what those risks might be, when a DPIA is required, and how to mitigate the identified risks, see Chapter 15.

A thorough DPIA helps you record evidence demonstrating that you have considered all potential risks that processing the data ...

Get GDPR For Dummies now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.