GDPR Record Keeping Template
 Share
The version of the browser you are using is no longer supported. Please upgrade to a supported browser.Dismiss

 
View only
 
 
ABCDEFGHIJ
1
Data Controller
2
3
Example Record of Processing Activities (Article 30 GDPR)
4
Business functionCategories of personal data (i.e. data elements)Categories of individualsPurpose of the processingCategories of third parties to whom personal data is disclosed (includes vendors/sub-contractors)Description of non-EEA countries to which personal data is transferred (or stored/accessed from)Retention schedule General description of technical and organisational security measuresLawful basis for the processing (i.e., justification under Art. 6 of the GDPR or, for sensitive data, Art. 9) Location of personal data
5
FinanceContact detailsEmployeesPayrollHMRCN/A5 years post-employmentEncrypted storage and transferLegal obligationFinance payroll system
6
FinanceBank detailsEmployeesPayrollHMRCN/A3 years post-employmentEncrypted storage and transferLegal obligationFinance payroll system
7
FinancePension detailsEmployeesPayrollHMRCN/A75 years post-employmentEncrypted storage and transferLegal obligationFinance pension system
8
FinanceTax detailsEmployeesPayrollHMRCN/A6 years post-employmentEncrypted storage and transferLegal obligation (or, if US law, legitimate interest)Finance payroll system
9
Human ResourcesContact detailsEmployeesPersonel fileN/AN/A6 years post-employmentEncrypted storageLegal obligationHR personel system
10
Human ResourcesPay detailsEmployeesPersonel fileN/AN/A6 years post-employmentEncrypted storage, access controlsLegal obligationHR personel system
11
Human ResourcesAnnual leave detailsEmployeesPersonel fileN/AN/A6 years post-employmentEncrypted storage, access controlsLegal obligationHR personel system
12
Human ResourcesSick leave detailsEmployeesPersonel fileN/AN/A6 years post-employmentEncrypted storage, access controlsNecessity to perform a contractHR personel system
13
Human ResourcesPerformance detailsEmployeesPersonel fileN/AN/A6 years post-employmentEncrypted storage, access controlsNecessity to perform a contractHR personel system
14
Human ResourcesContact detailsSuccessful candidatesRecruitmentRefereeN/A6 years post-employmentEncrypted storage and transferNecessity to perform a contractHR Recrtuiment system
15
Human ResourcesQualificationsSuccessful candidatesRecruitmentN/AN/A6 years post-employmentEncrypted storage, access controlsNecessity to perform a contractHR Recrtuiment system
16
Human ResourcesEmployment historySuccessful candidatesRecruitmentN/AN/A6 years post-employmentEncrypted storage, access controlsNecessity to perform a contractHR Recrtuiment system
17
Human ResourcesEthnicitySuccessful candidatesRecruitmentN/AN/A6 years post-employmentEncrypted storage, access controlsNecessity to perform a contractHR Recrtuiment system
18
Human ResourcesDisiability detailsSuccessful candidatesRecruitmentN/AN/A6 years post-employmentEncrypted storage, access controlsNecessity to perform a contractHR Recrtuiment system
19
Human ResourcesContact detailsUnsuccessful candidatesRecruitmentN/AN/A6 months post-campaignEncrypted storage, access controlsNecessity to perform a contractHR Recrtuiment system
20
Human ResourcesQualificationsUnsuccessful candidatesRecruitmentN/AN/A6 months post-campaignEncrypted storage, access controlsNecessity to perform a contractHR Recrtuiment system
21
Human ResourcesEmployment historyUnsuccessful candidatesRecruitmentN/AN/A6 months post-campaignEncrypted storage, access controlsNecessity to perform a contractHR Recrtuiment system
22
Human ResourcesEthnicityUnsuccessful candidatesRecruitmentN/AN/A6 months post-campaignEncrypted storage, access controlsNecessity to perform a contractHR Recrtuiment system
23
Human ResourcesDisiability detailsUnsuccessful candidatesRecruitmentN/AN/A6 months post-campaignEncrypted storage, access controlsNecessity to perform a contractHR Recrtuiment system
24
SalesContact detailsExisting customersDirect marketingProcessor (name)United StatesEnd of customer relationshipEncrypted storage and transferNecessity to perform a contractSales system, data processor
25
SalesPurchase historyExisting customersDirect marketingProcessor (name)United StatesEnd of customer relationshipEncrypted storage and transferConsentSales system, data processor
26
SalesContact detailsPotential customersDirect marketingProcessor (name)United States1 year post-campaignEncrypted storage and transferConsentSales system, data processor
27
SalesLifestyle informationPotential customersDirect marketingProcessor (name)United States1 year post-campaignEncrypted storage and transferConsentSales system, data processor
28
[other]Cookie information, IP addressesWebsite UsersWebsite Analytics (or tracking)Google Analytics United States[add][add]Consent (cookie banner)[add]
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
Loading...
Main menu