We use cookies to ensure that we give you the best experience on our website. You can change your cookie settings at any time. Otherwise, we'll assume you're OK to continue.

Durham University

Information Governance


The GDPR contains new and explicit requirements for documenting data processing activities. Documentation under the GDPR relates to an organisation’s record of their processing activities, covering areas such as processing purposes, data sharing and retention. Records must be kept in ‘writing’ (electronic records are acceptable), must be kept up to date and must reflect the current processing activities. These records may need to be made available to the ICO on request.

Documenting our processing activities is important, not only because it fulfils the GDPR legal requirement, but also because it supports good data governance. Good records will help us to demonstrate our compliance with other aspects of the GDPR.

Documentation includes the generic and specific information produced in relation to data processing activities, for example: