Hacker News
by gcthomas 2948 days ago
The Information Commissioner's Office (the regulatory body in the UK) says:

Who needs to document their processing activities?

There is a limited exemption for small and medium-sized organisations. If you have fewer than 250 employees, you only need to document processing activities that: are not occasional; or could result in a risk to the rights and freedoms of individuals; or involve the processing of special categories of data or criminal conviction and offence data.

GDPR is designed to be easy for small organisations to adhere to. No documentation needed if you have only small, non-sensitive data flows. IANOL, of course.