Appendix D - Data Process Record |
|
Admin |
|
Service: Process: Purpose of data collection/processing: |
|
Data Collection |
|
What information are we collecting? Does any of this data relate to children? Volume of customer data: How are we collecting the information? What is the frequency of collection? What type of personal data is it? (Personal/Sensitive) What is the approximate split of data types? |
|
Storing, Accessing, and Deleting |
|
Where is the information stored? Who has access to the information? How easy is it to access the information? What security measures are in place to protect the information/restrict access? What is the process of accessing the information? How long should we be holding the data for [Retention]? What is the current process for deletion? |
|
Data Sharing |
|
Who is the likely recipient of the data [Who do we share it with]? What are the processes for sharing data? Do we publish the data? Do we collect data from elsewhere (internal/external)? Do other departments collect data that would enhance this process? Do we transfer the data to a third country? |
|
GDPR Checks – Admin review by Auditor |
|
Can we deliver the service without the data? Is the request for data lawful under GDPR? Is the data used for automated decision making? Do you undertake any profiling? Is consent required? Does a privacy notice exist? If no, is one required? |
|
Date: |
|
Auditor: |
|
Auditee: |
|
Audit and Action plan agreed | Name and Signature | Date |
Auditor | | |
Service Manager | | |
Data Protection Officer | | |
|
Improvement Action Plan
Process | Audit Area | Area of improvement | Activities | Responsible officer | Deadline |
| | | | | |