Necessary component of personal data protection system implementation is developing of documentation required by law. Lack of it is a frequent discrepancy we discover during audits.
The complete documentation of personal data protection consists of:
Even though RODO (GDPR) does not duplicate domestic regulations, which require documents mentioned above, they may stand for a good basis for preparation of security procedures required by the regulations mentioned above. The condition to do so is fact whether the documents were prepared properly and personalized to a particular subject, what is not a rule if ie. drafts and patterns available in Internet are used.