I checked this in passing conversation with our lawyers late yesterday and they are comfortable that this is not required. They do however recommend that in addition to the many documents that many of us would have produced, that we create a "chronology" of actions taken to prepare for GDPR as...
Yes, each sector/industry will face its own very specific issues. Two things that may assist here are that;
I believe (correct me if I am wrong) this legislation whilst being kept will have to be re-ratified (if that is a word) post brexit and that may provide for one or two common sense...
Business as usual doesn't need to suffer and we will be taking "The Donkeys" risk based approach.
First and Foremost.
Get your privacy policy done and accessible.
Tell people where and how you get data and who you share it with and why (on publicly visible stuff, electronic or physical)
and...
Yep. I feel your pain and I have overall responsibility for delivering GDPR at our place.
Will make a final decision next couple of days about which approach to take for this particular element but given the wide range of approaches, I won't lose too much sleep (on this bit at least).
I found...