These pages sit alongside our Guide to the GDPR and provide more detailed guidance for UK organisations about documenting their processing activities under the GDPR.

The GDPR contains explicit provisions that require you to maintain internal records of your processing activities. Among other things, records must be kept on processing purposes, data sharing, and retention. Documenting this information is linked to the principle of accountability and will help you to demonstrate your compliance with the GDPR.

This guidance will help you understand why documenting your processing activities is important, who must maintain such records, what must be recorded, and how to do all these things.

For an introduction to the key themes and provisions of the GDPR, you should refer back to the Guide to the GDPR. You can navigate back to the Guide at any time using the link at the top of this page. Links to other relevant guidance and sources of further information are also provided throughout.