
About these templates

These templates aim to help guide you through the GDPR requirements for you to adapt to meet your own internal requirements.

Included in this template:

1 About Qualsys
2 Information asset register
3 Data processing register (Controller)
4 Data processing register (Processor)
5 Communications plan

Hint: Use Qualsys's software to manage all of your GDPR requirements, and automate all activity, changes, updates in the future.

https://qualsys.co.uk/grc-solutions/standards-compliance/gdpr/

How Qualsys helps you

Governance, risk, compliance and quality can be a challenge - creating stern faces all around. Qualsys Ltd makes good practice a natural part of the every day - making it easier to engage your team, gain greater visibility over performance and assign responsibility so everyone knows what they need to do.

We have implemented 100's of management systems for all sorts of different businesses across more than a dozen different industries. We love to hear from professionals who want to make real change - to pass an audit, embed compliance into the business and make quality review meetings the most exciting business calendar event. Become one of our valued partners, and we commit to work with you for as long as it takes to help you to achieve your objectives.

Some of our customers include:

Request a discovery call:

With thanks to: https://www.squirepattonboggs.com/~/media/files/insights/events/2016/11/gdpr-webinar-maintaining-records-of-data-processing-activities/20161117-record-of-processing-activities.pdf

Organisation & relevant process | Information Asset Details

Operating Unit / Function
Asset owner
Name of Asset
Description of Asset
Location
Type of Information Asset (Hard copy, Electronic)
Personal Data (Y/N)
Personal Sensitive Data (Y/N)
Sensitive Customer Data (Y/N)
Sensitive Qualsys Data (Y/N)
Classification

Process Owner Implementation (Evidence is required ie. screenshots or similar where applicable to prove these controls are enforced)
BISO / TISO Assessment
Response and BISO/Process Owner for Action
Current Level of Protection
Date
Data Security At Origin (description)
Integrity
Availability
Retention Period
Conclusion

Mandatory fields of record of processing activities to Article 30 of the GDPR

Department
Name of IT System
List any joint controllers
Purpose of processing
Categories of personal data
Categories of data subjects
Categories of recipients
Transfer to third country or international organisation
If applicable: Documentation safeguards for exceptional transfer
Time limits for erasure for each category of data

Data Collection | Own (data storage) | Processing | Data Access | Privacy impact assessment | Comments | Action Points

General description of the technical and organisational measures
Was data collected on a basis of consent?
Has information to the Data Subject been provided?
Location of Server
Server operated by (company name and registered address)
Legal basis for storing the data on that server / service
Name and contact details of the Processor
Location of Server
Legal basis for processing the data
Subprocessors: Name, contact details, location of server, legal basis
Legal justification for transfer / operational access to the data
Required
Executed
Comments
Owner

Department
Name of IT system / Software
If acting as a data processor, name and contact details of the controller and his DPO
Categories of processing carried out for the controller
Transfer to third country or international organisation?
If applicable: Documentation of suitable safeguards for exceptional transfer to third country
General description of all technical and organisational security measures

Information Content | Audience | Purpose | Method | Owner | Frequency | Link
Qualsys's Privacy Policy | | | | | | https://quality.eqms.co.uk/hubfs/Information%20security/Marketing%20GDPR%20security.pdf
GDPR statement | | | | | | https://quality.eqms.co.uk/hubfs/Information%20security/GDPR%20statement.pdf
Security incident policy | | | | | | https://quality.eqms.co.uk/hubfs/Information%20security/Security%20Incident%20Policy.pdf
GDPR Toolkit | | | | | | quality.eqms.co.uk/gdpr-general-data-protection-regulation-eu-toolkit
Report a breach | | | | | | https://ico.org.uk/for-organisations/report-a-breach/personal-data-breach/
Myth busting blogs | | | | | | https://iconewsblog.org.uk/tag/gdprmyths/
Data controller checklist | | | | | | https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/data-controllers/
Data processor checklist | | | | | | https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/data-processors/
12 steps to take now | | | | | | https://ico.org.uk/media/for-organisations/documents/1624219/preparing-for-the-gdpr-12-steps.pdf
Use our software for GDPR compliance | | | | | | https://qualsys.co.uk/grc-solutions/standards-compliance/gdpr/
