T-000006 – Data responsibilities and associated processes
IT and Finance departments required
1. Data responsibilities – who has responsibility for admin and upkeep of data-related policies? List heads of departments with this responsibility.
2. Employee numbers – staff numbers.
3. Access revoked – how are access privileges removed from current and previous employees / contractors? If you have a leavers checklist, attach here.
4. Employees handling personal data – have these employees been trained for data protection? Detail training policy and other procedures in place to alert employees to their responsibilities (including reminders and tickets from i-Comply-GDPR). Data breach process.
5. Historic data – identify historic data as well as newly collected data. You may currently store this information in your CRM. Also, attach your data protection policy with reference to historic data. Note down when you removed all historic data which did not comply with the GDPR.
6. ICO registration – attach ICO certification and set a reminder for annual renewals. We will provide further details on whether this applies to you or not.
7. Statutory responsibilities – you can refer to a government website or to industry guidance that explains generally applicable legal / statutory obligations. In the UK, HMRC would be a statutory obligation for employee data.