This guidance sits alongside the ICO's Guide to the GDPR.
This guidance provides some useful information on what to document and how. With the GDPR applying from 25 May, organisations should be following these steps and preparing the relevant documentation now to ensure compliance when the GDPR comes into force.
It is up to the organisation how information is documented, but the ICO suggests three steps for how to get there:
reviewing and updating all documents that relate to the processing of personal data (e.g. privacy policies, data processor contracts, retention policies, data sharing agreements)