Please note: This sample only shows part of the Example Personal Data Analysis Form DATE COMPLETED: COMPLETED BY:
Personal Data Analysis Form
[Enter date here] A. N. Other
PROJECT OR BUSI...
UKDP-FORM-03-2
REF PROJECT OR PERSONAL BUSINESS PROCESS DATA ITEM
DESCRIPTION
SPECIAL CATEGORY ARTICLE 9(2) EXCEPTION OBTAINED OF PERSONAL DATA? USED (SPECIAL FROM DATA CATEGORY DATA ONLY) SUBJECT? The name of the customer; No Not applicable Yes sometimes different to the name of the person receiving support
OWNER
OWNER
LAWFUL BASIS O...
Credit card details
Managing Director
Consent
Human Resources
Customer address
Product Manager
Contractual
LinkedIn Connections
Customer email ad...
Sales and Marketing M...
EU law
Newsletter
Customer IP address
Post-sale review re...
Customer name
PROCESSING PURPOSE LAWFUL BASIS OF PROCESSING Sales records and Contractual ongoing support
IF CONSENT- BASED, AUTOMATED LEVEL OF DATA LOCATION STORED COUNTRY RETENTION HOW IS CONSENT DECISIONSUBJECT STORED IN PERIOD OBTAINED? MAKING? ACCESS Not applicable No Accessed via Web server Germany 7 years portal Sales spreadsheet on File Sharing Website
ENCRYPTION ACCESS LEVEL CONTROLS None
2FA
THIRD COMMENTS PARTIES SHARED WITH None
Germany 7 years
None
2FA
None
Germany 7 years
None
2FA
None
Not Known 7 years
At rest
2FA
None
Germany 7 years
None
2FA
None
Germany 7 years
None
2FA
None
Not Known
2FA
Reviews Website
1 Website sale
Customer name
2 Website sale
Customer Email address of the email address customer; usually a business email but often a gmail or hotmail account Customer Phone number, usually telephone business but could be number personal Credit card Number, expiry and CVC of details customer's credit card
No
Not applicable
Yes
Sales and Marketing Manager
Sales records and ongoing support
Contractual
Not applicable
No
Accessed via portal
No
Not applicable
Yes
No
None
Not applicable
Yes
Backup contact if email Contractual doesn't work - do we need this? Sale - details are not Contractual kept by us.
Not applicable
No
Not applicable
No
None
5 Website sale
Customer address
Physical address including street, city, county, zip and country
No
Not applicable
Yes
Sales and Marketing Manager Sales and Marketing Manager Sales and Marketing Manager
Sales approval via Contractual credit card; tax records; VAT charging
Not applicable
No
6 Website sale
Customer IP address
IP address of the purchaser at the time of purchase
No
Not applicable
Yes
Sales and Marketing Manager
Evidence of location for tax purposes
Not applicable
No
Can be Web server amended but not viewed via portal None Web server
7 Post-sale review requests
Customer Name and email address name and of the customer; usually a email address business email but often a gmail or hotmail account Customer Name and email address name and of the customer; usually a email address business email but often a gmail or hotmail account Customer May be different to the name and purchaser email address
No
Not applicable
Yes
Sales and Marketing Manager
Post-sales marketing Consent of additional products
Not obtained
No
None
Reviews Website
No
Not applicable
Yes
Sales and Marketing Manager
Post-sales marketing Consent of additional products
Customer explicitly signs up for the newsletter
No
Unsubscribe available at any time
Web server
Germany 7 years
None
2FA
None
No
Not applicable
Yes
Product Manager
Communication that an Contractual update is available
Not applicable
No
Accessed via portal
Web server
Germany 7 years
None
2FA
None
Customer name and email address
No
Not applicable
Yes
Product Manager
Post-sale and annual feedback survey issues and improvements
Not obtained
No
None
Mailing Website
Not Known
2FA
Mailing Website
3 Website sale
4 Website sale
8 Newsletter
9 Provision of product updates
10 Feedback survey requests
Sales and Marketing Manager
PERSONAL DATA ...
Feedback survey re...
EU law
Consent
Web server Sales spreadsheet on File Sharing Website Web server
Payment Processor
Not Known 7 years
Not Known 7 years
May not be genuine IP address if proxy server is being used.
Actions The following actions have been identified from the Personal Data Analysis Form: REF DATE RAISED
ASSESSMENT REF ACTION
WHO
BY WHEN
1
dd/mm/yyyy
3
ANO
dd/mm/yyyy
Open
2
dd/mm/yyyy
4
ANO
dd/mm/yyyy
Open
3
dd/mm/yyyy
7,10
ANO
dd/mm/yyyy
Open
4
dd/mm/yyyy
7
ANO
dd/mm/yyyy
Open
5
dd/mm/yyyy
10
ANO
dd/mm/yyyy
Open
6
dd/mm/yyyy
11
ANO
dd/mm/yyyy
Open
7
dd/mm/yyyy
15
ANO
dd/mm/yyyy
Open
Decide if telephone number is required to be captured Find out where Payment Processor stores its data Obtain consent for post-sale review requests and feedback survey requests Find out where Reviews Website stores its data and whether it's encrypted Find out where Mailing Website stores its data and whether it's encrypted Find out where File Sharing Website stores its data Ask Payroll Bureau about the controls they have in place, including any certifications
NARRATIVE
STATUS