RODO documentation
RODO documentation: preparation and its essence
Pursuant to the General Data Protection Regulation of April 27, 2016, in force since May 25, 2018, all companies and entrepreneurs are required to keep records in a manner consistent with the personal data protection policy. The regulation itself does not contain an exhaustive list of the required documentation, nor detailed security and data storage procedures.
Preparing RODO documentation – what steps should be taken?
The starting point for preparing GDPR-compliant documentation is an audit of the existing documentation's compliance with the Regulation. Sanctions, usually in the form of significant fines, are imposed on companies or entrepreneurs who keep incomplete documentation or do not meet statutory requirements. The documentation itself includes both internal procedures and documents through which compliance with the GDPR must be disclosed to third parties, for example a privacy policy posted on the website, as well as information obligations.
Internal documentation is in turn divided into three main subgroups: documentation that makes it possible to account for meeting the requirements of the GDPR, documentation supporting security procedures, and registers. Documentation from each of these three groups must be included in the company's internal documentation. Appropriate procedures should also be prepared for personal data breaches, for example a data leak from the system or the transfer of data by an employee to an unauthorized entity.