For those of you who came to the data protection session at CompTIA’s Liverpool regional meeting you’ll no doubt remember the seven key things that every IT Supplier (who processes data for customers) MUST do in order to comply with GDPR (over and above any other obligations). You may remember that those seven obligations created the (slightly unfortunate) Nmonic “CRAPNOW”?
If so then you may also remember that the “R” from that Nmonic stands stands for “Records of Processing” – something that every processor of data is required to keep in order to demonstrate accountability under GDPR. Even if you weren’t obliged to by statute, its likely that you’ll see this requirement creeping into your supply and customer contracts as your customers realise that they are also obliged to ensure that you do this.
But where to start? And what records should you cover. That’s hopefully where this template should help – setting out the key information that you are required to keep – this should be a reasonable starting point to any GDPR project.
It should be fairly easy to use but do let us know if it would be useful for us to talk through it. Connect with us on twitter: @brownejacobson
The content you requested is available to CompTIA Registered Users who are Community Members and CompTIA Premier Members.
Register now. It’s free!
Registration will provide you with a customized experience and give you instant access to hundreds of CompTIA research
reports, guides and tools. Anyone can create an account.
Learn more about registration