T-000004 – What do you do with the data?
IT department and DPO required.
2. Data transfer – where do you send data, does it include third parties, if so why?
3. Justification for processing – what are your legal reasons for processing data? This will probably vary for different types of data, refer to the data assets setup in T-00002 where specific reasons are given for each data type.
4. Reason for data – why do you need the data? Give reasons why you store the personal data.
5. Data owner and controller – who owns and controls the data for your business? Do you control or process data for other companies? For example we are both a controller and processor. We decide what happens to the personal data we store for our business. We also store personal data for other businesses in our software, the lawful reason for this is a contract between the 2 parties.
6. Data Access – Who has access to the data you hold (both internally and externally)?