On 25th May 2018, the new General Data Protection Regulation (GDPR) came into force.
Companies outside the EU
If your company actively trades within the EU and stores, processes or shares EU citizens' data, then GDPR applies to you.
Compliance and documentation
One of the primary rules under GDPR is that processing activities MUST be documented.
Companies are required to maintain a set of Policy, Process and Plan (PPP) documentation so that they have evidence to support their claims should the Information Commissioner's Office (ICO) investigate any complaint or data breach.
Note that the ICO could demand to see the written documents.
What do you need to consider?
As a technical writer with experience of writing compliance documentation, what can I tell you?
If you are still struggling to start
As my blogs make clear, writing even one document is a lengthy process when there is a substantial list of documents to be completed from scratch and signed off. Even if your department has documents that can be reused, it will still take a long time. Compliance projects are manually intensive, and documenting GDPR compliance will need dedicated resources.
My experience can help you write and manage those documents. The sooner you contact me, the sooner we can start down the road to compliance.
- Create a standard template containing: Statement, In Scope, Version Control, Change History, Distribution Lists, and Roles and Responsibilities.
- All PPPs must adhere to GDPR: state in each document 'The purpose of the document' and 'The Scope', list the GDPR requirements relevant to the PPP you are writing, and explain WHY the company is complying along with HOW the company will comply.
- The documentation must be relevant to your business. Generic documentation outlining a PPP will NOT suffice.
- Complete the documentation: do not start a document, leave it incomplete and then sign it off; an incomplete document could fail a compliance audit.
- Maintain the detail: do not half-explain a process or policy.
- Structure the documentation to avoid duplicating information across several documents.
- The documentation may also need to be ISO 27001 compliant.