GDPR Data
About these templates
These templates aim to help guide you through the GDPR requirements for you to adapt to meet your own internal requirements.
mplate:
alsys
et register
ter (Controller)
ster (Processor)
ons plan
How Qualsy
clude:
Operating Unit / Function | Asset owner | Name of Asset | Description of Asset | Location | Type of Information Asset (Hard copy, Electronic) | Personal Data (Y/N) | Personal Sensitive Data (Y/N) | Sensitive Customer Data (Y/N) | Sensitive Qualsys Data (Y/N) | Classification
Process
Owner
BISO / Response
BISO/Pr
Current
TISO and ocess
Date
Level of
Assessme Ownerfor
Protection
nt Action
Impleme
ntation
(Evidenc
e is
required
Data Security
At Origin ie.
Integrity Availability Retention Conclusi
(description) screensho
Period on
ts or
similar
where
applicabl
e to
prove
these
controls
are
enforced)
Mandatory fields of record of processing activities to Article 30 of the GDPR
Department | Name of IT System | List any joint controllers | Purpose of processing | Categories of personal data | Categories of data subjects | Categories of recipients | Transfer to third country or international organisation | If applicable: Documentation of safeguards for exceptional transfer | Time limits for erasure for each category of data
Data Collection | Own (data storage) | Processing
General description of the technical and organisational measures | Was data collected on a basis of consent? | Has information to the Data Subject been provided? | Location of Server | Server operated by (company name and registered address) | Legal basis for storing the data on that server / service | Name and contact details of the Processor | Location of Server | Legal basis for processing the data
ssing | Data Access | Privacy impact assessment | Comments | Action Points
Subprocessors: Name, contact details, location of server, legal basis | Legal justification for transfer / operational access to the data | Required | Executed | Comments | Owner
Department | Name of IT system / Software | If acting as a data processor, name and contact details of the controller and his DPO | Categories of processing carried out for the controller | Transfer to third country of international organisation? | If applicable: Documentation of suitable safeguards for exceptional transfer to third country | General description of all technical and organisational security measures
Information Audience Purpose Method Owner Frequency
Content
https://quality.eqms.co.uk/hubfs/Information%20security/Marketing%20GDPR%20security.pdf
https://quality.eqms.co.uk/hubfs/Information%20security/GDPR%20statement.pdf
https://quality.eqms.co.uk/hubfs/Information%20security/Security%20Incident%20Policy.pdf
quality.eqms.co.uk/gdpr-general-data-protection-regulation-eu-toolkit
https://ico.org.uk/for-organisations/report-a-breach/personal-data-breach/
https://iconewsblog.org.uk/tag/gdprmyths/
https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/data-controllers/
https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/data-processors/
https://ico.org.uk/media/for-organisations/documents/1624219/preparing-for-the-gdpr-12-steps.pdf
https://qualsys.co.uk/grc-solutions/standards-compliance/gdpr/