Your organisation has a formal, documented, comprehensive and accurate ROPA based on a data mapping exercise that is reviewed regularly.
Ways to meet our expectations:
- You record processing activities in electronic form so you can add, remove and amend information easily.
- Your organisation regularly reviews the record against processing activities, policies and procedures to ensure that it remains accurate and up to date, and you clearly assign responsibilities for doing this.
- You regularly review the processing activities and types of data you process for data minimisation purposes.
Can you answer yes to the following questions?
- Would staff say that you have effective processes in place to keep the record up to date, accurate and make sure that the data is minimised?
- Could staff explain their responsibilities and how they carry them out in practice?