Chapter 13
Writing Other Documents
IN THIS CHAPTER
Documenting that you have assessed potential risk
Recording and responding to Data Subject Access Requests
Keeping track of data breaches
Writing policies for data protection and retention
Informing job candidates and employees of privacy issues
The previous chapters in this part of the book explore various documents that you’ll want to create (or that you must create) to stay compliant with the GDPR. As part of that compliance, you need to produce certain other documents, as set out in this chapter.
Data Protection Impact Assessments
A Data Protection Impact Assessment (DPIA) is required when you’re carrying out processing that is likely to result in a high risk to data subjects. For more detail on what those risks might be, when a DPIA is required, and how to mitigate the identified risks, see Chapter 15.
A thorough DPIA helps you record evidence demonstrating that you have considered all potential risks that processing the data ...
Get GDPR For Dummies now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.