Document your path to GDPR compliance
Enforcement of the new GDPR data privacy regulations begins on 25 May 2018. It’s important that your GDPR project team understands what user data passes through which systems and documents that information to demonstrate compliance with GDPR.
As a technical writer, I know how documenting compliance projects works:
- Compliance is a continuous process; it does not end when the first full version is signed off
- Compliance documentation needs to be structured to enable future management
Design documentation for reusability
Documenting compliance requires collecting information from several sources, which could span departments and various subject matter experts. Much of the information will reveal how your company operates and could throw up some surprises. In other words, you may discover your network is not as secure as first thought.
You will need to invest time documenting your GDPR compliance, and my suggestion is to design the documentation in such a way that it’s reusable for future projects.
Content reuse is the practice of using existing content components to develop new “documents.” Any content can be reused (such as graphics, charts, media). You can reuse sections, paragraphs, sentences, or even words. It is easier to reuse graphics, charts, and media in their entirety than it is to use portions of them.
What topics should be covered
GDPR will produce an array of policy and process document titles. It is worth checking what documentation, if any, you already have in place. It may be possible to reuse some or all of the content.
The list below is not exhaustive, but it gives a flavour of what you need to consider.
- Security Policy
- Risk Assessments
- Managing Incidents
- Managing Change
- How to manage a breach
- Reporting a Data Breach
- Consent procedure
- Deletion of unstructured data
- Access Policy
- Anonymisation of data
Take steps now to design a structured GDPR compliance documentation strategy, and your business will reap the benefits.