iSecure logo
Personal data protection and RODO audit

Preparing of documentation

Necessary component of personal data protection system implementation is developing of documentation required by law. Lack of it is a frequent discrepancy we discover during audits.

The complete documentation of personal data protection consists of:

  • security policy for personal data
  • instructions of management of IT system , dedicated to personal data processing
  • authorizations to personal data processing
  • register of personnel authorized to personal data processing
  • privacy statements and declarations of acquaintance with binding law regulations related to data protection
  • agreements of entrust of personal data processing
  • applications of personal data records registration (update) reported to GIODO office

Even though RODO (GDPR) does not duplicate domestic regulations, which require documents mentioned above, they may stand for a good basis for preparation of security procedures required by the regulations mentioned above. The condition to do so is fact whether the documents were prepared properly and personalized to a particular subject, what is not a rule if ie. drafts and patterns available in Internet are used.

Contact
Maria Lothamer
Vice-President of the board