• Contact Us

The ICO has Published Documentation Guidance

on Thursday, 15 February 2018.

The ICO has published this detailed guidance to help organisations to understand and be able to effectively achieve the GDPR standard for documentation.

This guidance sits alongside the ICO's Guide to the GDPR.

This guidance provides some useful information on what to document and how. With the GDPR applying from 25 May, organisations should be following these steps and preparing the relevant documentation now to ensure compliance when the GDPR comes into force.

It is up to the organisation how information is documented, but the ICO suggests three steps for how to get there:

  • devising a questionnaire to send to all areas of the organisation where personal data is processed
  • meeting with the key business functions (e.g. IT staff) to gain a better understanding of how certain parts of the organisation use data

reviewing and updating all documents that relate to the processing of personal data (e.g. privacy policies, data processor contracts, retention policies, data sharing agreements)


For further information please contact Claire Hall on 0117 314 5279 or Alexandra Ireland in our Data Protection team on 0121 227 3721.

Leave a comment

You are commenting as guest.