- Details of the data controller (the name of the company who makes decisions about what happens to the data)
- Representative in the EU, this only applies if you are based outside of Europe
- The contact details of the Data Protection Officer. Not all organisations need a data protection officer but it is a good idea to appoint someone who can deal with any enquiries about data processing
- The purpose for which they are collecting data. This could be for marketing purposes, processing order or recruitment.
- The types of data you are processing (clearly stating which is person/sensitive/criminal)
- The types of data subject
- Where you got their data from (if it wasn’t directly from the data subject)
- Details of any recipients of personal data
- Details of any third country transfers
- How long personal data is retained, this may vary depending on the type of data and any statutory requirements
- Details of technical and organisational security measures in place
If you still want a bit of help then get in touch, we are happy to help.