GDPR compliance involves documentation of data processing activities. This spreadsheet is an example data inventory for a small U.S. based association. The example spreadsheet is based in the UK ICO's recommended template.

1. Name and contact details Data Protection Officer (if applicable) Representative (if applicable)
Name Association Name Not Applicable Name
Address Street, city, postcode Address Street, city, postcode Address
Email Email address Email Email address Email
Telephone Tel. number Telephone Tel. number Telephone

2. Representative (if applicable)
N/A
N/A
N/A
N/A

3. Notes
Instructions
Guidance
Use this template to document the processing activities you
undertake as a controller.
Headings highlighted green are required areas of documentation
under Article 30 of the GDPR.
Headings highlighted orange are required areas of documentation
under Schedule 1 of the Data Protection Bill.
Headings highlighted yellow are optional areas of documentation
related to data breach tracking.
Headings highlighted purple are optional areas of documentation
related to DPIAs.
Headings highlighted blue are optional areas of documentation that
are not required under Article 30 of the GDPR or Schedule 1 of the
Data Protection Bill but are useful for the privacy notice, tracking
consent, and fulfilling access rights.
1. Complete your organisation’s name and contact details in cells
B3-B6.
2. Complete your data protection officer’s name and contact details
(if applicable) in cells D3-D6.
3. Complete your representative’s name and contact details (if
applicable) in cells F3-F6.
4. Document your organisation’s processing activities, starting in
cell A10, and working from left to right. Where necessary use
multiple rows for each processing activity in order to be as granular
as possible (see example tab).
For more detailed guidance on documentation, please see the Guide
to GDPR on the ICO website.
The document is informational only and not
intended as legal advice nor as an offer of
representation.

4. Purpose ofprocessing Categoriesofrecipients
Payroll Employees Contact details N/A 7 years Data subject
Payroll Employees Bank details N/A 7 years Data subject
Payroll Employees Retirement Plan details N/A 7 years Data subject
Payroll Employees N/A 7 years Data subject
Payroll Employees Taxdetails N/A 7 years Data subject
Payroll Employees N/A 7 years Data subject
Payroll Employees N/A 7 years Data subject
Payroll Employees pay rate and basis N/A 7 years Data subject
Payroll Employees pay periods and dates N/A 7 years Data subject
Payroll Employees Vacation Hours N/A 7 years Data subject
Payroll Employees Elective Holiday Hours N/A 7 years Data subject
Payroll Employees Excused Absence Hours N/A 7 years Data subject
Payroll Employees Benefit Deductions N/A 7 years Data subject
Payroll Employees sexand occupation N/A 7 years Data subject
Payroll Employees Employee Number Payroll provider 7 years employer
Temporary Employees Name Internal | temp agency Article 6(1)(b) -contract N/A temp agency 7 years Data subject | agent HR
Temporary Employees Employee Number Internal | temp agency Article 6(1)(b) -contract N/A temp agency 7 years Data subject | agent HR
Temporary Employees Date & Time Worked Internal | temp agency Article 6(1)(b) -contract N/A temp agency 7 years Data subject | agent HR
Temporary Employees Signature Internal | temp agency Article 6(1)(b) -contract N/A temp agency 7 years Data subject HR
Employee Supervisor Name Internal | temp agency Article 6(1)(b) -contract N/A temp agency 7 years Data subject | agent HR
Employee Supervisor Signature Internal | temp agency Article 6(1)(b) -contract N/A temp agency 7 years Data subject | agent HR
Temporary Employees Name Internal Article 6(1)(b) -contract N/A temp agency 7 years Data subject | agent accounting
Temporary Employees Position Title Internal Article 6(1)(b) -contract N/A temp agency 7 years Data subject | agent accounting
Temporary Employees Payments Internal Article 6(1)(b) -contract N/A temp agency 7 years employer accounting
Temporary Employees Communications Internal | temp agency Article 6(1)(b) -contract N/A temp agency 7 years accounting
Personnel file Employees Contact details Internal N/A government Data subject HR
Personnel file Employees Social security number Internal N/A government Data subject HR
Personnel file Employees employee number Internal operations government employer HR
Personnel file Employees offer letter/message Internal N/A government employer HR
Personnel file emergency contact name Internal government Data subject HR
Personnel file emergency contact relationship Internal government Data subject HR
Personnel file emergency contact contact details Internal government Data subject HR
Personnel file emergency contact Internal government Data subject HR
Personnel file Employees hiring announcement Internal operations government employer HR
Personnel file Employees employment application Internal N/A government Data subject HR
Personnel file Employees resume Internal N/A government Data subject | agent HR
Personnel file Employees job description Internal operations government employer HR
Personnel file Employees acceptance letter Internal N/A government Data subject | agent HR
Personnel file Employees Internal due diligence government third party resource HR
Personnel file Employees hiring communications Internal N/A government HR
Personnel file Employees testing Internal due diligence government Data subject HR
Personnel file Employees Internal due diligence government Data subject HR
Personnel file Employees Federal TaxForm Info Internal N/A government Data subject | agent HR
Personnel file Employees State TaxForm Info Internal N/A government Data subject | agent HR
Personnel file Employees Direct Deposit Details government Data subject | agent HR
Personnel file Employees Internal government Data subject HR
Personnel file Employees Internal government Data subject HR
Personnel file Employees Internal government Data subject HR
Personnel file Employees Internal government Data subject HR
Personnel file Employees Internal government Data subject HR
Personnel file Employees government Data subject HR
Personnel file Employees Salary Increase Records Internal government employer HR
Personnel file Employees Performance reviews Internal government employer HR
Personnel file Employees Internal government employer HR
Personnel file Employees Internal government employer HR
Personnel file Employees Internal HR
Employees Employment Verification Internal | mortgage lender Article 6(1)(a) -consent N/A mortgage lender HR
Employees Compensation Info Internal | mortgage lender Article 6(1)(a) -consent N/A mortgage lender HR
Employees Internal | mortgage lender Article 6(1)(a) -consent N/A mortgage lender HR
I-9 Immigration Employees Contact details Internal N/A government access controls, secure storage Data subject | agent HR
I-9 Immigration Employees alias Internal N/A government access controls, secure storage Data subject | agent HR
I-9 Immigration Employees social security number Internal N/A government access controls, secure storage Data subject | agent HR
I-9 Immigration Employees citizenship status Internal N/A government access controls, secure storage Data subject | agent HR
I-9 Immigration Employees Internal N/A government access controls, secure storage Data subject | agent HR
I-9 Immigration Employees Signature Internal N/A government access controls, secure storage Data subject HR
I-9 Immigration Preparer Preparer Information Internal N/A government access controls, secure storage Data subject HR
I-9 Immigration Employees Internal N/A government access controls, secure storage Data subject | agent HR
I-9 Immigration Employees Internal government access controls, secure storage Data subject | agent HR
I-9 Immigration HR Employee Name and Credentials Internal N/A government access controls, secure storage Data subject HR
I-9 Immigration HR Employee Signature Internal N/A government access controls, secure storage Data subject HR
Benefits Invoices Employees Name Internal Article 6(1)(b) -contract N/A insurers 7 years benefit provider HR | accounting
Benefits Invoices Employees Internal Article 6(1)(b) -contract N/A insurers 7 years benefit provider HR | accounting
Benefits Invoices Employees Internal Article 6(1)(b) -contract N/A insurers 7 years benefit provider HR | accounting
Benefits Invoices Employees Individual Plan ID Internal Article 6(1)(b) -contract N/A insurers 7 years benefit provider HR | accounting
Employees Name N/A insurers Data subject | agent
Employees contact details N/A insurers Data subject | agent
Employees Social security number N/A insurers Data subject | agent
Employees Date ofBirth N/A insurers Data subject | agent
Employees Full-time status N/A insurers Data subject | agent
Employees N/A insurers Data subject | agent
Employees Primary Care Physician Article 6(1)(b) -contract N/A insurers Data subject | agent
Name N/A insurers Data subject | agent
relationship N/A insurers Data subject | agent
Social security number N/A insurers Data subject | agent
Date ofBirth N/A insurers Data subject | agent
N/A insurers Data subject | agent
Primary Care Physician N/A insurers Data subject | agent
Benefits Assistance Benefits Records customer service as needed Data subject | agent HR
Shop for Plans Benefits Census Report Article 6(1)(b) -contract N/A insurers historical Data subject | agent HR
COBRANotices Contact Details N/A employer HR
COBRANotices Communications N/A employer HR
COBRANotices Benefits Records N/A employer HR
HIPAANotices Contact Details N/A
HIPAANotices Communications N/A
HR & Company Notices Employees Contact Details Internal operations 7 years HR
HR & Company Notices Employees Communications Internal operations 7 years HR
Employees Name Article 6(1)(b) -contract N/A insurers Data subject | agent
Employees contact details Article 6(1)(b) -contract N/A insurers Data subject | agent
Employees Social security number Article 6(1)(b) -contract N/A insurers Data subject | agent
Employees Date ofBirth Article 6(1)(b) -contract N/A insurers Data subject | agent
Employees Fulltime status Article 6(1)(b) -contract N/A insurers Data subject | agent
Employees Article 6(1)(b) -contract N/A insurers Data subject | agent
Employees Compensation Info Article 6(1)(b) -contract N/A insurers Data subject | agent
Name Article 6(1)(b) -contract N/A insurers Data subject | agent
Social security number Article 6(1)(b) -contract N/A insurers Data subject | agent
relationship Article 6(1)(b) -contract N/A insurers Data subject | agent
Date ofBirth Article 6(1)(b) -contract N/A insurers Data subject | agent
Article 6(1)(b) -contract N/A insurers Data subject | agent
Beneficiaries Name Article 6(1)(b) -contract N/A insurers Data subject | agent
Beneficiaries contact information Article 6(1)(b) -contract N/A insurers Data subject | agent
Employees contact details N/A insurers Data subject | agent
Employees Social security number N/A insurers Data subject | agent
Employees Date ofBirth N/A insurers Data subject | agent
Employees N/A insurers Data subject | agent
Name N/A insurers Data subject | agent
Social security number N/A insurers Data subject | agent
relationship N/A insurers Data subject | agent
Date ofBirth N/A insurers Data subject | agent
Employees Name Article 6(1)(b) -contract N/A insurers Data subject | agent
Employees contact details Article 6(1)(b) -contract N/A insurers Data subject | agent
Employees Social security number Article 6(1)(b) -contract N/A insurers Data subject | agent
Employees Date ofBirth Article 6(1)(b) -contract N/A insurers Data subject | agent
Employees Signature Article 6(1)(b) -contract N/A insurers Data subject | agent
Employees hours worked Article 6(1)(b) -contract N/A insurers Data subject | agent
Employees Compensation Info Article 6(1)(b) -contract N/A insurers Data subject | agent
Employees Date ofEmployment Article 6(1)(b) -contract N/A insurers Data subject | agent
Employees contribution percentage Article 6(1)(b) -contract N/A insurers Data subject | agent
Employees investment selections Article 6(1)(b) -contract N/A insurers Data subject | agent
Employees Roth Options Article 6(1)(b) -contract N/A insurers Data subject | agent
Beneficiaries Name Article 6(1)(b) -contract N/A insurers Data subject | agent
Beneficiaries contact information Article 6(1)(b) -contract N/A insurers Data subject | agent
Employees rollover details Article 6(1)(b) -contract N/A insurers Data subject | agent
Employees account balances Article 6(1)(b) -contract N/A insurers Data subject | agent
Attendance Employees contact details Internal operations as needed Data subject | agent
Attendance Employees leave communications Internal operations as needed Data subject | agent
Attendance Employees Internal operations as needed Data subject | agent
Attendance Employees scheduled absences Internal operations as needed Data subject | agent
Attendance Report Employees Internal | all staff operations as needed employer
Special Leave Employees contact details Internal N/A Data subject | agent HR
Special Leave Employees leave communications Internal N/A Data subject | agent HR
Special Leave Employees Internal N/A Data subject | agent HR
Special Leave Employees Internal N/A Data subject | agent HR
Employees name operations as needed employer
Employees anniversary operations as needed employer
Employees Internal | all staff operations as needed employer
Promotion Announcement Employees name operations employer HR
Promotion Announcement Employees promotion synopsis operations employer HR
accommodations Employees contact details Internal N/A Data subject | agent HR
accommodations Employees communications Internal N/A
Employees Name Article 6(1)(b) -contract N/A government indefinite
Employees contact details Article 6(1)(b) -contract N/A government indefinite
Employees Social security number Article 6(1)(b) -contract N/A government indefinite
Employees Date ofBirth Article 6(1)(b) -contract N/A government indefinite
Employees Amount Article 6(1)(b) -contract N/A government indefinite
Employees Article 6(1)(b) -contract N/A government indefinite
Employees Loan details Article 6(1)(b) -contract N/A government indefinite
Retirement Plan Notices Employees Name N/A government indefinite
Retirement Plan Notices Employees contact details N/A government indefinite
Company Telephone Employees Name Internal | public operations termination N/A Data subject | agent IT
Company Telephone Employees access code Internal | public operations termination N/A Data subject | agent IT
Company Telephone Employees recorded greetings Internal | public operations termination N/A Data subject | agent IT
Employees Name Internal | public operations termination N/A Data subject | agent IT
Employees Credentials Internal | public operations termination N/A Data subject | agent IT
Company email Employees name Internal | public operations termination N/A IT
Company email Employees credentials Internal | public operations termination N/A IT
Company email Employees access code Internal | public operations termination N/A IT
Company email Employees recorded greetings Internal | public operations termination N/A IT
Company email Directories Employees Name Internal | public operations termination N/A IT
Company email Directories Employees Credentials Internal | public operations termination N/A IT
Company staffDirectories Employees Name Internal | public operations termination N/A IT
Company staffDirectories Employees Credentials Internal | public operations termination N/A IT
Company staffDirectories Employees Biographical Info Internal | public operations termination N/A IT
business cards Employees Name Internal | printer operations termination N/A administration
business cards Employees Credentials Internal | printer operations termination N/A administration
Organizational Chart Employees Name Internal | public operations historical N/A administration
Organizational Chart Employees Credentials Internal | public operations historical N/A administration
Building ID Employees Name operations property management termination IT
Building ID Employees Credentials operations property management termination IT
Building ID Employees Photograph operations property management termination IT
Building ID Employees Access areas operations property management termination IT
Expense Report Employees Name Internal operations government 7 years Data subject | agent accounting
Categories of
individuals
Categories of personal
data
GDPR Article 6 lawful basis
for processing personal
data
Legitimate interests
for the processing (if
applicable)
Name and contact details of
joint controller (if applicable)
Retention schedule (if
possible)
General description of technical
and organizational security
measures (if possible)
Rights available to
individuals
The source of the
personal data (if
applicable)
Link to
contract
with
processor
Namesof third
countries or
international
organizations that
personal data are
transferred to (if
applicable)
Safeguards for exceptional
transfers of personal data to
third countries or
international organizations
(if applicable)
Article 9
basis for
processing
special
category
data
Link to
record of
legitimate
interests
assessment
(if
applicable)
Existence of
automated
decision-
making,
including
profiling (if
applicable)
Link to
record of
consent
Location of personal
data(for access
request)
Data
Protection
Impact
Assessment
required?
Data
Protection
Impact
Assessment
progress
Link to Data
Protection
Impact
Assessment
Has a
personal
data breach
occurred?
Link to
record of
personal
data breach
Data
Protection
Bill
Schedule
Condition
for
processing
Special
Category
Article 6
lawful basis
for
processing
Link to
retention
and erasure
policy
document
Is personal
data
retained
and erased
in
accordance
with the
policy
document?
Reasonsfor
not
adhering to
policy
document
(if
applicable)
Business
function
Internal | Payroll provider |
government | retirement
plan | benefits providers |
bank
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Payroll provider | government
| retirement plan | benefits
providers | bank
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
accounting | employee
aceesible payroll web
portal
Internal | Payroll provider |
bank | employee
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Payroll provider | bank |
government
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
accounting | employee
aceesible payroll web
portal
Internal | Payroll provider
retirement plan | employee
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Payroll provider | government
| retirement plan
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
accounting | employee
aceesible payroll web
portal
Deferred Compensation
details
Internal | Payroll provider |
retirement plan |employee
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Payroll provider | government
| retirement plan
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
accounting | employee
aceesible payroll web
portal
Internal | Payroll provider |
government | employee
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Payroll provider | government
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
accounting | employee
aceesible payroll web
portal
Hours Worked by day by
week
Internal | Payroll provider |
employee
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Payroll provider | government
| retirement plan
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
accounting | employee
aceesible payroll web
portal
Overtime Hours Worked
by day by week
Internal | Payroll provider |
employee
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Payroll provider | government
| retirement plan
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
accounting | employee
aceesible payroll web
portal
Internal | Payroll provider |
employee
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Payroll provider | government
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
accounting | employee
aceesible payroll web
portal
Internal | Payroll provider |
employee
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Payroll provider | government
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
accounting | employee
aceesible payroll web
portal
Internal | Payroll provider |
employee
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Payroll provider | government
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
accounting | employee
aceesible payroll web
portal
Internal | Payroll provider |
employee
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Payroll provider | government
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
accounting | employee
aceesible payroll web
portal
Internal | Payroll provider |
employee
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Payroll provider | government
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
accounting | employee
aceesible payroll web
portal
Internal | Payroll provider |
benefits providers |
employee
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Payroll provider | government
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
accounting | employee
aceesible payroll web
portal
Internal | Payroll provider |
benefits providers |
employee
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Payroll provider | government
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
accounting | employee
aceesible payroll web
portal
Internal | Payroll provider |
benefits providers |
employee
Article 6(1)(f) - legitimate
interest; Article 6(1)(c) -
legal obligation
employee benefit &
HR processing
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability,
object
accounting | employee
aceesible payroll web
portal
Temporary Employee's Time
Sheet
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
Temporary Employee's Time
Sheet
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
Temporary Employee's Time
Sheet
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
Temporary Employee's Time
Sheet
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
Temporary Employee's Time
Sheet
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
Temporary Employee's Time
Sheet
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
Temporary Employment
Agency Invoice
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
Temporary Employment
Agency Invoice
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
Temporary Employment
Agency Invoice
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
Temporary Employment
Agency Recruiting
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
Data subject | agent
| employer
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Termination plus 10
years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
Article 6(1)(c) - legal
obligation
Termination plus 10
years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
Article 6(1)(c) - legal
obligation; Article 6(1)(f)
legitimate interest
Termination plus 10
years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability,
object
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Termination plus 10
years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability,
object
Article 6(1)(f) - legitimate
interest
emergency
management
Termination plus 10
years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, object
Article 6(1)(f) - legitimate
interest
emergency
management
Termination plus 10
years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, object
Article 6(1)(f) - legitimate
interest
emergency
management
Termination plus 10
years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, object
changes of contact details
Article 6(1)(f) - legitimate
interest
emergency
management
Termination plus 10
years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, object
Article 6(1)(c) - legal
obligation; Article 6(1)(f)
legitimate interest
Termination plus 10
years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability,
object
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Termination plus 10
years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Termination plus 10
years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
Article 6(1)(c) - legal
obligation; Article 6(1)(f)
legitimate interest
Termination plus 10
years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Termination plus 10
years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
credential/employment
verifications
Article 6(1)(c) - legal
obligation; Article 6(1)(f)
legitimate interest
Termination plus 10
years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability,
object
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Termination plus 10
years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
Data subject | agent
| emp[loyer
Article 6(1)(c) - legal
obligation; Article 6(1)(f)
legitimate interest
Termination plus 10
years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability,
object
authorizations for
investigations
Article 6(1)(c) - legal
obligation; Article 6(1)(f)
legitimate interest
Termination plus 10
years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability,
object
Article 6(1)(c) - legal
obligation
Termination plus 10
years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
Article 6(1)(c) - legal
obligation
Termination plus 10
years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
Internal | payroll
administrator
Article 6(1)(f) - legitimate
interest
employee benefit &
HR processing
Termination plus 10
years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, object
Premium Payment Option
Plan IRS 125
authorizations
Article 6(1)(f) - legitimate
interest
employee benefit &
HR processing
Termination plus 10
years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, object
Employee Handbook
Acknowledgements
Article 6(1)(c) - legal
obligation; Article 6(1)(f)
legitimate interest
employee benefit &
HR processing
Termination plus 10
years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability,
object
Non-discrimination & non-
harassment
Acknowledgements
Article 6(1)(c) - legal
obligation; Article 6(1)(f)
legitimate interest
employee benefit &
HR processing
Termination plus 10
years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability,
object
Job Description Receipt
Acknowledgements
Article 6(1)(c) - legal
obligation; Article 6(1)(f)
legitimate interest
employee benefit &
HR processing
Termination plus 10
years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability,
object
Doc Retention Policy
Acknowledgement
Article 6(1)(f) - legitimate
interest
satisfy foreseeable
legal requirements
Termination plus 10
years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, object
Employee Video/Picture
Release
Internal | web/print design
firm | publishers
Article 6(1)(f) - legitimate
interest
staff and
organization
promotion
Termination plus 10
years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, object
Article 6(1)(c) - legal
obligation; Article 6(1)(f)
legitimate interest
employee benefit &
HR processing
Termination plus 10
years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability,
object
Article 6(1)(c) - legal
obligation; Article 6(1)(f)
legitimate interest
employee benefit &
HR processing
Termination plus 10
years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability,
object
Promotion/Job Change
Forms
Article 6(1)(c) - legal
obligation; Article 6(1)(f)
legitimate interest
employee benefit &
HR processing
Termination plus 10
years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability,
object
Promotion/Job Change
Announcements
Article 6(1)(c) - legal
obligation; Article 6(1)(f)
legitimate interest
employee benefit &
HR processing
Termination plus 10
years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability,
object
Mortgage Lender
Employment Verification
Records
Article 6(1)(f) - legitimate
interest
compliance
verification &
integrity
government | mortgage
lender
Termination plus 10
years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, object
Data subject | agent
| employer
Mortgage Lender
Employment Verification
Termination plus 10
years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability,
withdrawal consent,
erasure
Data subject | agent
| employer
Mortgage Lender
Employment Verification
Termination plus 10
years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability,
withdrawal consent,
erasure
Data subject | agent
| employer
Mortgage Lender
Employment Verification
Likelihood of continued
employment
Termination plus 10
years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability,
withdrawal consent,
erasure
Data subject | agent
| employer
Article 6(1)(c) - legal
obligation
longest of 3 years after
hire or 1 year after
termination
Access, rectification,
restriction, portability
Article 6(1)(c) - legal
obligation
longest of 3 years after
hire or 1 year after
termination
Access, rectification,
restriction, portability
Article 6(1)(c) - legal
obligation
longest of 3 years after
hire or 1 year after
termination
Access, rectification,
restriction, portability
Article 6(1)(c) - legal
obligation
longest of 3 years after
hire or 1 year after
termination
Access, rectification,
restriction, portability
Number for alien reg., I-94
Admiss., Foreign Passport
and country
Article 6(1)(c) - legal
obligation
longest of 3 years after
hire or 1 year after
termination
Access, rectification,
restriction, portability
Article 6(1)(c) - legal
obligation
longest of 3 years after
hire or 1 year after
termination
Access, rectification,
restriction, portability
Article 6(1)(c) - legal
obligation
longest of 3 years after
hire or 1 year after
termination
Access, rectification,
restriction, portability
Identity Documentation
Info
Article 6(1)(c) - legal
obligation
longest of 3 years after
hire or 1 year after
termination
Access, rectification,
restriction, portability
Identity Documentation
File copy
Article 6(1)(f) - legitimate
interest
compliance
verification, integrity,
auditing
longest of 3 years after
hire or 1 year after
termination
Access, rectification,
restriction, object
Article 6(1)(c) - legal
obligation
longest of 3 years after
hire or 1 year after
termination
Access, rectification,
restriction, portability,
object
Article 6(1)(c) - legal
obligation
longest of 3 years after
hire or 1 year after
termination
Access, rectification,
restriction, portability,
object
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
Dependent Plan
Information
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
Individual Plan
Information
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
Health-Dental-Vision
Enrollment, Renewals,
Changes, Declinations
Internal | broker |
providers
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible provider web
portals
Health-Dental-Vision
Enrollment, Renewals,
Changes, Declinations
Internal | broker |
providers
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible provider web
portals
Health-Dental-Vision
Enrollment, Renewals,
Changes, Declinations
Internal | broker |
providers
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible provider web
portals
Health-Dental-Vision
Enrollment, Renewals,
Changes, Declinations
Internal | broker |
providers
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible provider web
portals
Health-Dental-Vision
Enrollment, Renewals,
Changes, Declinations
Internal | broker |
providers
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible provider web
portals
Health-Dental-Vision
Enrollment, Renewals,
Changes, Declinations
Plan Choice & Effective
Date
Internal | broker |
providers
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible provider web
portals
Health-Dental-Vision
Enrollment, Renewals,
Changes, Declinations
Internal | broker |
providers
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible provider web
portals
Health-Dental-Vision
Enrollment, Renewals,
Changes, Declinations
Employee's
dependents
Internal | broker |
providers
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible provider web
portals
Health-Dental-Vision
Enrollment, Renewals,
Changes, Declinations
Employee's
dependents
Internal | broker |
providers
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible provider web
portals
Health-Dental-Vision
Enrollment, Renewals,
Changes, Declinations
Employee's
dependents
Internal | broker |
providers
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible provider web
portals
Health-Dental-Vision
Enrollment, Renewals,
Changes, Declinations
Employee's
dependents
Internal | broker |
providers
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible provider web
portals
Health-Dental-Vision
Enrollment, Renewals,
Changes, Declinations
Employee's
dependents
Plan Choice & Effective
Date
Internal | broker |
providers
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible provider web
portals
Health-Dental-Vision
Enrollment, Renewals,
Changes, Declinations
Employee's
dependents
Internal | broker |
providers
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible provider web
portals
Employee and
dependents
Internal | broker |
providers
Article 6(1)(f) - legitimate
interest
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, object
Employee and
dependents
Internal | broker |
providers
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
Employee and
dependents
Internal | employee |
employee Dependents
Article 6(1)(c) - legal
obligation
termination plus suit
limitation
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
Employee and
dependents
Internal | employee |
employee Dependents
Article 6(1)(c) - legal
obligation
termination plus suit
limitation
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
Employee and
dependents
Internal | employee |
employee Dependents
Article 6(1)(c) - legal
obligation
termination plus suit
limitation
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
Employee and
dependents
Internal | employee |
employee Dependents
Article 6(1)(c) - legal
obligation
termination plus suit
limitation
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
employer | benefits
provider
HR | employee
accessible provider web
portals
Employee and
dependents
Internal | employee |
employee Dependents
Article 6(1)(c) - legal
obligation
termination plus suit
limitation
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
employer | benefits
provider
HR | employee
accessible provider web
portals
Article 6(1)(f) - legitimate
interest
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, object
employer | benefits
provider
Article 6(1)(f) - legitimate
interest
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, object
employer | benefits
provider
Life, AD&D, and Disability
Enrollment, Renewals,
Changes, Declinations
Internal | broker |
providers
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible provider web
portals
Life, AD&D, and Disability
Enrollment, Renewals,
Changes, Declinations
Internal | broker |
providers
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible provider web
portals
Life, AD&D, and Disability
Enrollment, Renewals,
Changes, Declinations
Internal | broker |
providers
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible provider web
portals
Life, AD&D, and Disability
Enrollment, Renewals,
Changes, Declinations
Internal | broker |
providers
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible provider web
portals
Life, AD&D, and Disability
Enrollment, Renewals,
Changes, Declinations
Internal | broker |
providers
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible provider web
portals
Life, AD&D, and Disability
Enrollment, Renewals,
Changes, Declinations
Plan Choices & Effective
Date
Internal | broker |
providers
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible provider web
portals
Life, AD&D, and Disability
Enrollment, Renewals,
Changes, Declinations
Internal | broker |
providers
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible provider web
portals
Life, AD&D, and Disability
Enrollment, Renewals,
Changes, Declinations
Employee's
dependents
Internal | broker |
providers
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible provider web
portals
Life, AD&D, and Disability
Enrollment, Renewals,
Changes, Declinations
Employee's
dependents
Internal | broker |
providers
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible provider web
portals
Life, AD&D, and Disability
Enrollment, Renewals,
Changes, Declinations
Employee's
dependents
Internal | broker |
providers
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible provider web
portals
Life, AD&D, and Disability
Enrollment, Renewals,
Changes, Declinations
Employee's
dependents
Internal | broker |
providers
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible provider web
portals
Life, AD&D, and Disability
Enrollment, Renewals,
Changes, Declinations
Employee's
dependents
Plan Choices & Effective
Date
Internal | broker |
providers
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible provider web
portals
Life, AD&D, and Disability
Enrollment, Renewals,
Changes, Declinations
Internal | broker |
providers
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible provider web
portals
Life, AD&D, and Disability
Enrollment, Renewals,
Changes, Declinations
Internal | broker |
providers
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible provider web
portals
Cafeteria Enrollment,
Renewals, Changes,
Declinations
Internal | broker |
providers
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible provider web
portals
Cafeteria Enrollment,
Renewals, Changes,
Declinations
Internal | broker |
providers
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible provider web
portals
Cafeteria Enrollment,
Renewals, Changes,
Declinations
Internal | broker |
providers
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible provider web
portals
Cafeteria Enrollment,
Renewals, Changes,
Declinations
Plan Choices & Effective
Date
Internal | broker |
providers
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible provider web
portals
Cafeteria Enrollment,
Renewals, Changes,
Declinations
Employee's
dependents
Internal | broker |
providers
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible provider web
portals
Cafeteria Enrollment,
Renewals, Changes,
Declinations
Employee's
dependents
Internal | broker |
providers
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible provider web
portals
Cafeteria Enrollment,
Renewals, Changes,
Declinations
Employee's
dependents
Internal | broker |
providers
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible provider web
portals
Cafeteria Enrollment,
Renewals, Changes,
Declinations
Employee's
dependents
Internal | broker |
providers
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible provider web
portals
Retirement Plan Enrollment,
Changes, Declinations
Internal | plan
administrator | plan
advisors
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible retirment
plan web, app, and
phone portal
Retirement Plan Enrollment,
Changes, Declinations
Internal | plan
administrator | plan
advisors
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible retirment
plan web, app, and
phone portal
Retirement Plan Enrollment,
Changes, Declinations
Internal | plan
administrator | plan
advisors
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible retirment
plan web, app, and
phone portal
Retirement Plan Enrollment,
Changes, Declinations
Internal | plan
administrator | plan
advisors
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible retirment
plan web, app, and
phone portal
Retirement Plan Enrollment,
Changes, Declinations
Internal | plan
administrator | plan
advisors
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible retirment
plan web, app, and
phone portal
Retirement Plan Enrollment,
Changes, Declinations
Internal | plan
administrator | plan
advisors
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible retirment
plan web, app, and
phone portal
Retirement Plan Enrollment,
Changes, Declinations
Internal | plan
administrator | plan
advisors
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible retirment
plan web, app, and
phone portal
Retirement Plan Enrollment,
Changes, Declinations
Internal | plan
administrator | plan
advisors
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible retirment
plan web, app, and
phone portal
Retirement Plan Enrollment,
Changes, Declinations
Internal | plan
administrator | plan
advisors
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible retirment
plan web, app, and
phone portal
Retirement Plan Enrollment,
Changes, Declinations
Internal | plan
administrator | plan
advisors
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible retirment
plan web, app, and
phone portal
Retirement Plan Enrollment,
Changes, Declinations
Internal | plan
administrator | plan
advisors
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible retirment
plan web, app, and
phone portal
Retirement Plan Enrollment,
Changes, Declinations
Internal | plan
administrator | plan
advisors
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible retirment
plan web, app, and
phone portal
Retirement Plan Enrollment,
Changes, Declinations
Internal | plan
administrator | plan
advisors
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible retirment
plan web, app, and
phone portal
Retirement Plan Enrollment,
Changes, Declinations
Internal | plan
administrator | plan
advisors
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible retirment
plan web, app, and
phone portal
Retirement Plan Enrollment,
Changes, Declinations
Internal | plan
administrator | plan
advisors
termination plus suit
limitation & not less
than 3 years
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible retirment
plan web, app, and
phone portal
Article 6(1)(f) - legitimate
interest
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, object
accounting |
administration
Article 6(1)(f) - legitimate
interest
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, object
accounting |
administration
business out of office
plans
Article 6(1)(f) - legitimate
interest
Encrypted communications,
access controls, secure

5. Expense Report Employees Credentials Internal operations government 7 years Data subject | agent accounting
Expense Report Employees Trip Details Internal operations government 7 years Data subject | agent accounting
Expense Report Employees Expense Details Internal operations government 7 years Data subject | agent accounting
Expense Reimbursement Employees Name Internal operations 7 years Data subject | agent accounting
Expense Reimbursement Employees Internal | bank operations 7 years Data subject | agent accounting
Recruitment candidates Contact details Internal N/A 1 year Access controls, secure storage Data subject | agent HR
Recruitment candidates Qualifications Internal N/A government 1 year Access controls, secure storage Data subject | agent HR
Recruitment candidates Employment history Internal N/A government 1 year Access controls, secure storage Data subject | agent HR
Recruitment candidates Education Internal N/A government 1 year Access controls, secure storage Data subject | agent HR
Recruitment candidates Licenses/Designations Internal N/A government 1 year Access controls, secure storage Data subject | agent HR
Recruitment candidates Internal N/A government 1 year Access controls, secure storage Data subject | agent HR
Recruitment candidates Training Internal N/A government 1 year Access controls, secure storage Data subject | agent HR
Recruitment candidates Skills Internal N/A government 1 year Access controls, secure storage Data subject | agent HR
Recruitment candidates Internal N/A government 1 year Access controls, secure storage Data subject | agent HR
Recruitment candidates employment status Internal N/A government 1 year Access controls, secure storage Data subject | agent HR
Recruitment candidates Internal N/A government 1 year Access controls, secure storage Data subject | agent HR
Recruitment candidates Internal N/A government 1 year Access controls, secure storage Data subject | agent HR
Recruitment candidates Internal N/A government 1 year Access controls, secure storage Data subject | agent HR
Recruitment candidates Internal N/A government 1 year Access controls, secure storage Data subject | agent HR
Recruitment candidates references Internal N/A government 1 year Access controls, secure storage Data subject | agent HR
Recruitment candidates Internal N/A government 1 year Access controls, secure storage employer HR
Recruitment candidates Internal N/A government 1 year Access controls, secure storage employer HR
Recruitment candidates writing samples Internal N/A government 1 year Access controls, secure storage Data subject HR
Recruitment candidates homework Internal N/A government 1 year Access controls, secure storage Data subject HR
Recruitment candidates communications Internal N/A government 1 year Access controls, secure storage Data subject HR
Recruitment candidates Internal N/A government 1 year Access controls, secure storage employer HR
Recruitment Testing candidates id Internal N/A government 1 year Access controls, secure storage Data subject HR
Recruitment Testing candidates test results Internal N/A government 1 year Access controls, secure storage Data subject HR
Recruitment Testing candidates access controls Internal N/A government 1 year Access controls, secure storage HR
Interview candidates name Internal | building security N/A building security 1 year Access controls, secure storage Data subject HR
Interview candidates interview notes Internal N/A 1 year Access controls, secure storage HR
web Interview candidates contact details Internal N/A 1 year Access controls, secure storage Data subject HR
web Interview candidates interview notes Internal N/A 1 year Access controls, secure storage HR
phone Interview candidates contact details Internal N/A 1 year Access controls, secure storage Data subject HR
phone Interview candidates interview notes Internal N/A 1 year Access controls, secure storage HR
workers comp claim employees contact details Internal | insurer | lawfirm N/A insurer Data subject
workers comp claim employees incident details Internal | insurer | lawfirm N/A insurer
workers comp claim employees Internal | insurer | lawfirm N/A insurer
life insurance claim employees contact details N/A insurer Data subject
life insurance claim employees incident details N/A insurer
life insurance claim employees N/A insurer
life insurance claim beneficiary N/A insurer
disability claim employees contact details internal | insurers N/A insurer Data subject
disability claim employees incident details internal | insurers N/A insurer
disability claim employees internal | insurers N/A insurer
Article 6(1)(f) - legitimate
interest
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, object
Article 6(1)(f) - legitimate
interest
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, object
Article 6(1)(f) - legitimate
interest
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, object
Article 6(1)(f) - legitimate
interest
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, object
expense reference
notation
Article 6(1)(f) - legitimate
interest
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, object
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Access, rectification,
restriction, portability
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Access, rectification,
restriction, portability
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Access, rectification,
restriction, portability
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Access, rectification,
restriction, portability
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Access, rectification,
restriction, portability
Offices held in
professional associations
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Access, rectification,
restriction, portability
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Access, rectification,
restriction, portability
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Access, rectification,
restriction, portability
compensation
requirements
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Access, rectification,
restriction, portability
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Access, rectification,
restriction, portability
readiness to complete
essential job functions
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Access, rectification,
restriction, portability
availability during planned
work hours or extra hours
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Access, rectification,
restriction, portability
readiness to travel if
relevant
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Access, rectification,
restriction, portability
criminal convictions (if
relevant and permissible)
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Access, rectification,
restriction, portability
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Access, rectification,
restriction, portability
interview question
examples
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Access, rectification,
restriction, portability
impermissible interview
question examples
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Access, rectification,
restriction, portability
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Access, rectification,
restriction, portability
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Access, rectification,
restriction, portability
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Access, rectification,
restriction, portability
HR preliminary
evaluations
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Access, rectification,
restriction, portability
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Access, rectification,
restriction, portability
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Access, rectification,
restriction, portability
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Access, rectification,
restriction, portability
Data subject |
employer
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Access, rectification,
restriction, portability
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Access, rectification,
restriction, portability
Data subject |
employer
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Access, rectification,
restriction, portability
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Access, rectification,
restriction, portability
Data subject |
employer
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Access, rectification,
restriction, portability
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
Access, rectification,
restriction, portability
Data subject |
employer
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
termination plus suit
limitation
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible provider web
portals
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
termination plus suit
limitation
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
Data subject |
employer | insurer |
legal
HR | employee
accessible provider web
portals
claim related
communications
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
termination plus suit
limitation
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
Data subject |
employer | insurer |
legal
HR | employee
accessible provider web
portals
internal |insurers |
beneficiaries
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
termination plus suit
limitation
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible provider web
portals
internal |insurers |
beneficiaries
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
termination plus suit
limitation
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
Data subject |
employer | insurer |
legal
HR | employee
accessible provider web
portals
claim related
communications
internal |insurers |
beneficiaries
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
termination plus suit
limitation
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
Data subject |
employer | insurer |
legal
HR | employee
accessible provider web
portals
claim related
communications
internal |insurers |
beneficiaries
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
termination plus suit
limitation
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
Data subject |
employer | insurer |
legal
HR | employee
accessible provider web
portals
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
termination plus suit
limitation
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
HR | employee
accessible provider web
portals
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
termination plus suit
limitation
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
Data subject |
employer | insurer |
legal
HR | employee
accessible provider web
portals
claim related
communications
Article 6(1)(b) - contract;
Article 6(1)(c) - legal
obligation
termination plus suit
limitation
Encrypted communications,
access controls, secure storage
Access, rectification,
restriction, portability
Data subject |
employer | insurer |
legal
HR | employee
accessible provider web
portals

6. Purpose of processing Categories of individuals Categories of recipients Rights available to individuals
Annual Dues Existing Customers Billing Contact details Internal Article 6(1)(b) - contract N/A 7 years Access controls Access, rectification, restriction, portability Data subject | agent Administration
Annual Dues Existing Customers Credit Card Details Credit Processor Article 6(1)(b) - contract N/A Should not be stored Encrypted transaction Access, rectification, restriction, portability Data subject | agent Finance/Accounting
Annual Dues Existing Customers Bank Check/Draft Details Internal & Bank Article 6(1)(b) - contract N/A 7 years secure storage, encrypted transaction Access, rectification, restriction, portability Data subject | agent Finance/Accounting
Annual Dues Existing Customers Billing Inquiries Internal Article 6(1)(b) - contract N/A 2 years or less Access controls Access, rectification, restriction, portability Data subject | agent Administration
Member Profile Existing Customers Leadership Details Article 6(1)(f) - legitimate interest customer service historical Encrypted collection, access controls Access, rectification, restriction, object Data subject | agent AMS
Committee Involvement Existing Customers Committee Member Details Article 6(1)(f) - legitimate interest customer service historical Access, rectification, restriction, object Data subject | agent AMS
Utilization Report Existing Customers Article 6(1)(f) - legitimate interest customer service historical Access controls Access, rectification, restriction, object AMS
Utilization Report Existing Customers Article 6(1)(f) - legitimate interest customer service historical Access controls Access, rectification, restriction, object AMS
Utilization Report Existing Customers Article 6(1)(f) - legitimate interest customer service historical Access controls Access, rectification, restriction, object AMS
User Management Existing Customers Article 6(1)(f) - legitimate interest direct marketing Rec. 47 historical Access controls Access, rectification, restriction, object Data subject | agent AMS
Executive ePublications Existing Customers Leadership Details Internal | AMS Article 6(1)(f) - legitimate interest direct marketing Rec. 47 historical Access controls Access, rectification, restriction, object Data subject | agent AMS
Annual Dues Potential Customers Billing Contact details Internal Article 6(1)(b) - contract N/A 7 years Access controls Access, rectification, restriction, portability Data subject | agent Administration
Annual Dues Potential Customers Billing Inquiries Internal Article 6(1)(b) - contract N/A 2 years or less Access controls Access, rectification, restriction, portability Data subject | agent Administration
Member Profile Potential Customers Leadership Details Article 6(1)(f) - legitimate interest customer service historical Encrypted collection, access controls Access, rectification, restriction, object Data subject | agent AMS
Utilization Report Potential Customers Article 6(1)(f) - legitimate interest customer service historical Access controls Access, rectification, restriction, object AMS
Utilization Report Potential Customers Article 6(1)(f) - legitimate interest customer service historical Access controls Access, rectification, restriction, object AMS
Utilization Report Potential Customers Article 6(1)(f) - legitimate interest customer service historical Access controls Access, rectification, restriction, object AMS
User Management Potential Customers Article 6(1)(f) - legitimate interest direct marketing Rec. 47 historical Access controls Access, rectification, restriction, object Data subject | agent AMS
Executive ePublications Potential Customers Leadership Details Internal | AMS Article 6(1)(f) - legitimate interest direct marketing Rec. 47 historical Access controls Access, rectification, restriction, object Data subject | agent AMS
Categories of personal
data
GDPR Article 6 lawful basis for
processing personal data
Legitimate interests for the
processing (if applicable)
Name and
contact details
of joint
controller (if
applicable)
Retention schedule (if
possible)
General description of technical and
organizational security measures (if
possible)
The source of the
personal data (if
applicable)
Link to
contract
with
processor
Names of third
countries or
international
organizations that
personal data are
transferred to (if
applicable)
Safeguards for
exceptional
transfers of
personal data
to third
countries or
international
organizations (if
applicable)
Article 9
basis for
processing
special
category
data
Link to
record of
legitimate
interests
assessment
(if
applicable)
Existence of
automated
decision-
making,
including
profiling (if
applicable)
Link to
record of
consent
Location of personal
data (for access
request)
Data
Protection
Impact
Assessment
required?
Internal | ams vendor |
member company
administrator
Internal | ams vendor |
member company
administrator
Encrypted collection, access controls,
secure storage
Employee Subscribers
Details
Internal | ams vendor |
member company
administrator
Data subject | agent |
internal
Employee Subscribers
Usage Records
Internal | ams vendor |
member company
administrator
Data subject | agent |
internal
Employee Subscribers
Transcripts
Internal | ams vendor |
member company
administrator
Data subject | agent |
internal
Employee Subscriber
Details
Internal | ams vendor |
member company
administrator
Internal | ams vendor |
member company
administrator
Employee Subscribers
Details
Internal | ams vendor |
member company
administrator
Data subject | agent |
internal
Employee Subscribers
Usage Records
Internal | ams vendor |
member company
administrator
Data subject | agent |
internal
Employee Subscribers
Transcripts
Internal | ams vendor |
member company
administrator
Data subject | agent |
internal
Employee Subscriber
Details
Internal | ams vendor |
member company
administrator

7. Data
Protection
Impact
Assessment
progress
Link to Data
Protection
Impact
Assessment
Has a
personal
data breach
occurred?
Link to
record of
personal
data breach
Data
Protection
Bill
Schedule
Condition
for
processing
Special
Category
Article 6
lawful basis
for
processing
Link to
retention
and erasure
policy
document
Is personal
data
retained
and erased
in
accordance
with the
policy
document?
Reasons for
not
adhering to
policy
document
(if
applicable)
Business
function

8. Purpose of processing Categories of individuals Categories of personal data Categories of recipients Retention schedule (if possible) Rights available to individuals
User Registration Existing Customers Contact details Article 6(1)(b) - contract N/A historical Access controls Access, rectification, restriction, portability Data subject | agent IT | AMS
User Registration Existing Customers Credit Card Details Credit Processor Article 6(1)(b) - contract N/A Should not be stored Encrypted transaction Access, rectification, restriction, portability Data subject | agent Finance/Accounting
User Registration Existing Customers Bank Check/Draft Details Internal & Bank Article 6(1)(b) - contract N/A 7 years secure storage, encrypted transaction Access, rectification, restriction, portability Data subject | agent Finance/Accounting
User Registration Existing Customers Professional Credentials Article 6(1)(f) - legitimate interest operations historical Encrypted collection, access controls Access, rectification, restriction, object Data subject IT | AMS | administration
User Registration Existing Customers office details Article 6(1)(f) - legitimate interest operations historical Access, rectification, restriction, object Data subject | agent IT | AMS
User Registration Existing Customers Enrollment Communications Internal Article 6(1)(f) - legitimate interest operations 2 years or less Access controls Access, rectification, restriction, object Data subject | agent IT | AMS
Account Access Control Existing Customers username/password Internal | ams vendor Article 6(1)(f) - legitimate interest security ams vendor as needed Access, rectification, restriction, object Data subject | agent IT | AMS
Consultation Services Existing Customers Contact details Internal | ams vendor Article 6(1)(f) - legitimate interest provide customized research 90 days Access controls Access, rectification, restriction, object Data subject | agent IT | consultation staff
Consultation Services Existing Customers office details Internal | ams vendor Article 6(1)(f) - legitimate interest provide customized research 90 days Access controls Access, rectification, restriction, object Data subject | agent IT | consultation staff
Consultation Services Existing Customers consultation communications Internal | ams vendor Article 6(1)(f) - legitimate interest provide customized research 90 days Access controls Access, rectification, restriction, object Data subject | agent
Consultation Services Third-parties inquiry information Internal | ams vendor Article 6(1)(f) - legitimate interest customer service 90 days Access controls, psuedonymization Access, rectification, restriction, object Data subject | agent
Log Consultation Services Existing Customers Contact details Article 6(1)(f) - legitimate interest business analytics historical Access controls Access, rectification, restriction, object Data subject | agent
Log Consultation Services Third-parties inquiry information Article 6(1)(f) - legitimate interest business analytics historical Access controls, psuedonymization Access, rectification, restriction, object Data subject | agent
electronic library access Existing Customers Contact details Article 6(1)(f) - legitimate interest provide reference materials historical Encrypted file | password protected file Access, rectification, restriction, object Controller IT | AMS
electronic library access Existing Customers general web session data Article 6(1)(f) - legitimate interest business analytics historical Encrypted file | password protected file Access, rectification, restriction, object Controller IT | AMS
ePublications Existing Customers Contact details Article 6(1)(f) - legitimate interest industry news and education no archive Encrypted file | password protected file Access, rectification, restriction, object Controller IT | AMS
ePublications Existing Customers recipient preferences Article 6(1)(f) - legitimate interest industry news and education End of customer relationship plus 7 Encrypted file | password protected file Access, rectification, restriction, object Controller IT | AMS
text Alerts Existing Customers recipient preferences Internal | ams vendor Article 6(1)(f) - legitimate interest industry news and education End of customer relationship plus 7 Access, rectification, restriction, object Data subject | agent IT | AMS
text Alerts Existing Customers Contact details Internal | ams vendor Article 6(1)(f) - legitimate interest industry news and education no archive Access, rectification, restriction, object Data subject | agent IT | AMS
on-demand distance learning Existing Customers Contact details Article 6(1)(f) - legitimate interest industry news and education historical Access, rectification, restriction, object Data subject | agent IT | AMS
on-demand distance learning Existing Customers results/activity Article 6(1)(f) - legitimate interest industry news and education historical Access, rectification, restriction, object Data subject | agent IT | AMS
on-demand distance learning Existing Customers session communications Article 6(1)(f) - legitimate interest industry news and education no archive Access, rectification, restriction, object Data subject | agent IT | AMS
CE Processing Existing Customers name Article 6(1)(c) - legal obligation N/A licensing authority as required by state statute Access and rectification Data subject | agent IT | AMS
CE Processing Existing Customers license number Article 6(1)(c) - legal obligation N/A licensing authority as required by state statute Access and rectification Data subject | agent IT | AMS
CE Processing Existing Customers course results Article 6(1)(c) - legal obligation N/A licensing authority as required by state statute Access and rectification Data subject | agent IT | AMS
hosted webinar Existing Customers Contact details Article 6(1)(f) - legitimate interest industry news and education hosting vendor historical Access, rectification, restriction, portability Data subject | agent IT | AMS
hosted webinar Existing Customers session communications Article 6(1)(f) - legitimate interest industry news and education hosting vendor no archive Access, rectification, restriction, portability Data subject | agent IT | AMS
hosted webinar Existing Customers participation details Article 6(1)(f) - legitimate interest industry news and education hosting vendor historical Access, rectification, restriction, portability Data subject | agent IT | AMS
GIS Research Existing Customers Contact details Article 6(1)(f) - legitimate interest provide customized research historical Access, rectification, restriction, portability Data subject | agent IT | AMS
GIS Research Existing Customers general web session data Article 6(1)(f) - legitimate interest provide customized research historical Access, rectification, restriction, portability Data subject | agent IT | AMS
GIS Research Third-parties location Article 6(1)(f) - legitimate interest provide customized research no archive Access, rectification, restriction, portability Data subject | agent IT | AMS
Profile Maintenance Existing Customers professional details Article 6(1)(f) - legitimate interest customer service historical Access, rectification, restriction, portability Data subject | agent IT | AMS
Profile Maintenance Existing Customers user preferences Article 6(1)(f) - legitimate interest customer service End of customer relationship plus 7 Access, rectification, restriction, portability Data subject | agent IT | AMS
User Registration Potential Customers Contact details Article 6(1)(b) - contract N/A historical Access controls Access, rectification, restriction, portability Data subject | agent IT | AMS
User Registration Potential Customers Credit Card Details Credit Processor Article 6(1)(b) - contract N/A Should not be stored Encrypted transaction Access, rectification, restriction, portability Data subject | agent IT | AMS
User Registration Potential Customers Bank Check/Draft Details Internal & Bank Article 6(1)(b) - contract N/A 7 years secure storage, encrypted transaction Access, rectification, restriction, portability Data subject | agent IT | AMS
User Registration Potential Customers Professional Credentials Article 6(1)(f) - legitimate interest operations historical Encrypted collection, access controls Access, rectification, restriction, object Data subject IT | AMS
User Registration Potential Customers office details Article 6(1)(f) - legitimate interest operations historical Access, rectification, restriction, object Data subject | agent IT | AMS
User Registration Potential Customers Enrollment Communications Internal Article 6(1)(f) - legitimate interest operations no archive Access controls Access, rectification, restriction, object Data subject | agent IT | AMS
Account Access Control Potential Customers username/password Internal | ams vendor Article 6(1)(f) - legitimate interest security ams vendor as needed Access, rectification, restriction, object Data subject | agent IT | AMS
Consultation Services Potential Customers Contact details Internal | ams vendor Article 6(1)(f) - legitimate interest provide customized research 90 days Access controls Access, rectification, restriction, object Data subject | agent IT | AMS
Consultation Services Potential Customers office details Internal | ams vendor Article 6(1)(f) - legitimate interest provide customized research 90 days Access controls Access, rectification, restriction, object Data subject | agent IT | AMS
Consultation Services Potential Customers consultation communications Internal | ams vendor Article 6(1)(f) - legitimate interest provide customized research 90 days Access controls Access, rectification, restriction, object Data subject | agent IT | AMS
Consultation Services Third-parties inquiry information Internal | ams vendor Article 6(1)(f) - legitimate interest customer service no archive Access controls, psuedonymization Access, rectification, restriction, object Data subject | agent IT | AMS
Log Consultation Services Potential Customers Contact details Article 6(1)(f) - legitimate interest business analytics historical Access controls Access, rectification, restriction, object Data subject | agent IT | AMS
Log Consultation Services Third-parties inquiry information Article 6(1)(f) - legitimate interest business analytics historical Access controls, psuedonymization Access, rectification, restriction, object Data subject | agent IT | AMS
electronic library access Potential Customers Contact details Article 6(1)(f) - legitimate interest provide reference materials historical Encrypted file | password protected file Access, rectification, restriction, object Controller IT | AMS
electronic library access Potential Customers general web session data Article 6(1)(f) - legitimate interest business analytics historical Encrypted file | password protected file Access, rectification, restriction, object Controller IT | AMS
ePublications Potential Customers Contact details Article 6(1)(f) - legitimate interest industry news and education no archive Encrypted file | password protected file Access, rectification, restriction, object Controller IT | AMS
ePublications Potential Customers recipient preferences Article 6(1)(f) - legitimate interest industry news and education End of customer relationship plus 7 Encrypted file | password protected file Access, rectification, restriction, object Controller IT | AMS
text Alerts Potential Customers recipient preferences Internal | ams vendor Article 6(1)(f) - legitimate interest industry news and education End of customer relationship plus 7 Access, rectification, restriction, object Data subject | agent IT | AMS
text Alerts Potential Customers Contact details Internal | ams vendor Article 6(1)(f) - legitimate interest industry news and education no archive Access, rectification, restriction, object Data subject | agent IT | AMS
on-demand distance learning Potential Customers Contact details Article 6(1)(f) - legitimate interest industry news and education historical Access, rectification, restriction, object Data subject | agent IT | AMS
on-demand distance learning Potential Customers results/activity Article 6(1)(f) - legitimate interest industry news and education historical Access, rectification, restriction, object Data subject | agent IT | AMS
on-demand distance learning Potential Customers session communications Article 6(1)(f) - legitimate interest industry news and education no archive Access, rectification, restriction, object Data subject | agent IT | AMS
CE Processing Potential Customers name Article 6(1)(c) - legal obligation N/A licensing authority as required by state statute Access and rectification Data subject | agent IT | AMS
CE Processing Potential Customers license number Article 6(1)(c) - legal obligation N/A licensing authority as required by state statute Access and rectification Data subject | agent IT | AMS
CE Processing Potential Customers course results Article 6(1)(c) - legal obligation N/A licensing authority as required by state statute Access and rectification Data subject | agent IT | AMS
hosted webinar Potential Customers Contact details Article 6(1)(f) - legitimate interest industry news and education hosting vendor historical Access, rectification, restriction, object Data subject | agent IT | AMS
hosted webinar Potential Customers session communications Article 6(1)(f) - legitimate interest industry news and education hosting vendor historical Access, rectification, restriction, object Data subject | agent IT | AMS
hosted webinar Potential Customers participation details Article 6(1)(f) - legitimate interest industry news and education hosting vendor historical Access, rectification, restriction, object Data subject | agent IT | AMS
GIS Research Potential Customers Contact details Article 6(1)(f) - legitimate interest provide customized research historical Access, rectification, restriction, object Data subject | agent IT | AMS
GIS Research Potential Customers general web session data Article 6(1)(f) - legitimate interest provide customized research historical Access, rectification, restriction, object Data subject | agent IT | AMS
GIS Research Third-parties location Article 6(1)(f) - legitimate interest customer service no archive Access, rectification, restriction, object Data subject | agent IT | AMS
Profile Maintenance Potential Customers professional details Article 6(1)(f) - legitimate interest customer service End of customer relationship plus 7 Access, rectification, restriction, object Data subject | agent IT | AMS
Profile Maintenance Potential Customers user preferences Article 6(1)(f) - legitimate interest customer service End of customer relationship plus 7 Access, rectification, restriction, object Data subject | agent IT | AMS
GDPR Article 6 lawful basis for
processing personal data
Legitimate interests for the processing
(if applicable)
Name and contact
details of joint
controller (if
applicable)
General description of technical and
organizational security measures (if
possible)
The source of the personal
data (if applicable)
Link to contract
with processor
Names of
third
countries or
internationa
l
organization
s that
personal
data are
transferred
to (if
applicable)
Safeguards
for
exceptional
transfers of
personal
data to third
countries or
internationa
l
organization
s (if
applicable)
Article 9
basis for
processing
special
category
data
Link to
record of
legitimate
interests
assessment
(if
applicable)
Existence of
automated
decision-
making,
including
profiling (if
applicable)
Link to
record of
consent
Location of personal
data (for access request)
Data
Protection
Impact
Assessment
required?
Data
Protection
Impact
Assessment
progress
Link to Data
Protection
Impact
Assessment
Has a
personal
data breach
occurred?
Link to
record of
personal
data breach
Data
Protection
Bill
Schedule
Condition
for
processing
Special
Category
Article 6
lawful basis
for
processing
Link to
retention
and erasure
policy
document
Is personal
data
retained
and erased
in
accordance
with the
policy
document?
Reasons for
not
adhering to
policy
document
(if
applicable)
Business
function
Internal | ams vendor | member
company administrator
Internal | ams vendor | member
company administrator
Internal | ams vendor | member
company administrator
Encrypted collection, access controls,
secure storage
Encrypted collection, access controls,
secure storage
IT | ams| consultation
staff
IT | ams| consultation
staff
Internal | ams vendor | member
company administrator
IT | ams| consultation
staff
Internal | ams vendor | member
company administrator
IT | ams| consultation
staff
Internal | ams vendor | member
company administrator
Internal | ams vendor | member
company administrator
Internal | ams vendor | member
company administrator
Internal | ams vendor | member
company administrator
Encrypted collection, access controls,
secure storage
Encrypted collection, access controls,
secure storage
Internal | LMS vendor | corporate
member LMS
Encrypted collection, access controls,
secure storage
Internal | LMS vendor | corporate
member LMS
Encrypted collection, access controls,
secure storage
Internal | LMS vendor | corporate
member LMS
Encrypted collection, access controls,
secure storage
Internal | licensing authority |
member company administrator
Encrypted collection, access controls,
secure storage
Internal | licensing authority |
member company administrator
Encrypted collection, access controls,
secure storage
Internal | licensing authority |
member company administrator
Encrypted collection, access controls,
secure storage
Internal | hosting vendor | member
company administrator
Encrypted collection, access controls,
secure storage
Internal | hosting vendor | member
company administrator
Encrypted collection, access controls,
secure storage
Internal | hosting vendor | member
company administrator
Encrypted collection, access controls,
secure storage
Internal | ams vendor | member
company administrator
Encrypted collection, access controls,
secure storage
Internal | ams vendor | member
company administrator
Encrypted collection, access controls,
secure storage
Internal | ams vendor | member
company administrator
Encrypted collection, access controls,
secure storage, psuedonymization
Internal | ams vendor | member
company administrator
Encrypted collection, access controls,
secure storage
Internal | ams vendor | member
company administrator
Encrypted collection, access controls,
secure storage
Internal | ams vendor | member
company administrator
Internal | ams vendor | member
company administrator
Internal | ams vendor | member
company administrator
Encrypted collection, access controls,
secure storage
Encrypted collection, access controls,
secure storage
Internal | ams vendor | member
company administrator
Internal | ams vendor | member
company administrator
Internal | ams vendor | member
company administrator
Internal | ams vendor | member
company administrator
Internal | ams vendor | member
company administrator
Internal | ams vendor | member
company administrator
Encrypted collection, access controls,
secure storage
Encrypted collection, access controls,
secure storage
Internal | LMS vendor | corporate
member LMS
Encrypted collection, access controls,
secure storage
Internal | LMS vendor | corporate
member LMS
Encrypted collection, access controls,
secure storage
Internal | LMS vendor | corporate
member LMS
Encrypted collection, access controls,
secure storage
Internal | licensing authority |
member company administrator
Encrypted collection, access controls,
secure storage
Internal | licensing authority |
member company administrator
Encrypted collection, access controls,
secure storage
Internal | licensing authority |
member company administrator
Encrypted collection, access controls,
secure storage
Internal | hosting vendor | member
company administrator
Encrypted collection, access controls,
secure storage
Internal | hosting vendor | member
company administrator
Encrypted collection, access controls,
secure storage
Internal | hosting vendor | member
company administrator
Encrypted collection, access controls,
secure storage
Internal | ams vendor | member
company administrator
Encrypted collection, access controls,
secure storage
Internal | ams vendor | member
company administrator
Encrypted collection, access controls,
secure storage
Internal | ams vendor | member
company administrator
Encrypted collection, access controls,
secure storage, psuedonymization
Internal | ams vendor | member
company administrator
Encrypted collection, access controls,
secure storage
Internal | ams vendor | member
company administrator
Encrypted collection, access controls,
secure storage

9. Purpose of processing Categories of individuals Categories of personal data Categories of recipients Rights available to individuals
Annual Dues Existing Customers Billing Contact details Internal Article 6(1)(b) - contract N/A 7 years Access controls Data subject | agent IT | Administration
Annual Dues Existing Customers Credit Card Details Credit Processor Article 6(1)(b) - contract N/A Should not be stored Encrypted transaction Data subject | agent Finance/Accounting
Annual Dues Existing Customers Bank Check/Draft Details Internal & Bank Article 6(1)(b) - contract N/A 7 years Data subject | agent Finance/Accounting
Annual Dues Existing Customers Billing Inquiries Internal Article 6(1)(b) - contract N/A no archive Access controls Data subject | agent IT | Administration
Member Profile Existing Customers Leadership Details Internal | AMS Article 6(1)(f) - legitimate interest customer service historical Data subject | agent IT | AMS
Committee Involvement Existing Customers Contact Details Internal | AMS Article 6(1)(f) - legitimate interest customer service historical Data subject | agent IT | AMS
Utilization Report Existing Customers Employee Subscribers Details Internal | AMS Article 6(1)(f) - legitimate interest customer service historical Access controls Data subject | agent | internal IT | AMS
Utilization Report Existing Customers Internal | AMS Article 6(1)(f) - legitimate interest customer service historical Access controls Data subject | agent | internal IT | AMS
Utilization Report Existing Customers Internal | AMS Article 6(1)(f) - legitimate interest customer service historical Access controls Data subject | agent | internal IT | AMS
User Management Existing Customers Employee Subscriber Details Internal | AMS Article 6(1)(f) - legitimate interest direct marketing Rec. 47 historical Access controls Data subject | agent IT | AMS
Executive ePublications Existing Customers Leadership Details Internal | AMS Article 6(1)(f) - legitimate interest direct marketing Rec. 47 historical Access controls Data subject | agent IT | AMS
Annual Dues Potential Customers Billing Contact details Internal Article 6(1)(b) - contract N/A 7 years Access controls Data subject | agent IT | Administration
Annual Dues Potential Customers Billing Inquiries Internal Article 6(1)(b) - contract N/A no archive Access controls Data subject | agent IT | Administration
Member Profile Potential Customers Leadership Details Internal | AMS Article 6(1)(f) - legitimate interest customer service historical Data subject | agent IT | AMS
Utilization Report Potential Customers Employee Subscribers Details Internal | AMS Article 6(1)(f) - legitimate interest customer service historical Access controls Data subject | agent | internal IT | AMS
Utilization Report Potential Customers Internal | AMS Article 6(1)(f) - legitimate interest customer service historical Access controls Data subject | agent | internal IT | AMS
Utilization Report Potential Customers Internal | AMS Article 6(1)(f) - legitimate interest customer service historical Access controls Data subject | agent | internal IT | AMS
User Management Potential Customers Employee Subscriber Details Internal | AMS Article 6(1)(f) - legitimate interest customer service historical Access controls Data subject | agent IT | AMS
Executive ePublications Potential Customers Leadership Details Internal | AMS Article 6(1)(f) - legitimate interest direct marketing Rec. 47 historical Access controls Data subject | agent IT | AMS
GDPR Article 6 lawful basis for processing
personal data
Legitimate interests for the
processing (if applicable)
Name and
contact details of
joint controller
(if applicable)
Retention schedule
(if possible)
General description
of technical and
organizational
security measures (if
possible)
The source of the personal data
(if applicable)
Link to
contract
with
processor
Names of
third
countries or
internationa
l
organization
s that
personal
data are
transferred
to (if
applicable)
Safeguards
for
exceptional
transfers of
personal
data to third
countries or
internationa
l
organization
s (if
applicable)
Article 9
basis for
processing
special
category
data
Link to
record of
legitimate
interests
assessment
(if
applicable)
Existence of
automated
decision-
making,
including
profiling (if
applicable)
Link to
record of
consent
Location of personal data (for
access request)
Data
Protection
Impact
Assessment
required?
Data
Protection
Impact
Assessment
progress
Access, rectification, restriction,
portability
Access, rectification, restriction,
portability
secure storage,
encrypted transaction
Access, rectification, restriction,
portability
Access, rectification, restriction,
portability
Encrypted collection,
access controls
Access, rectification, restriction,
object
Encrypted collection,
access controls,
secure storage
Access, rectification, restriction,
object
Access, rectification, restriction,
object
Employee Subscribers Usage
Records
Access, rectification, restriction,
object
Employee Subscribers
Transcripts
Access, rectification, restriction,
object
Access, rectification, restriction,
object
Access, rectification, restriction,
object
Access, rectification, restriction,
portability
Access, rectification, restriction,
portability
Encrypted collection,
access controls
Access, rectification, restriction,
object
Access, rectification, restriction,
object
Employee Subscribers Usage
Records
Access, rectification, restriction,
object
Employee Subscribers
Transcripts
Access, rectification, restriction,
object
Access, rectification, restriction,
object
Access, rectification, restriction,
object

10. Link to Data
Protection
Impact
Assessment
Has a
personal
data breach
occurred?
Link to
record of
personal
data breach
Data
Protection
Bill
Schedule
Condition
for
processing
Special
Category
Article 6
lawful basis
for
processing
Link to
retention
and erasure
policy
document
Is personal
data
retained
and erased
in
accordance
with the
policy
document?
Reasons for
not
adhering to
policy
document
(if
applicable)
Business
function

11. Purpose of processing Categories of individuals
Booth Purchase Existing Customers
Booth Purchase Existing Customers
Booth Purchase Existing Customers
Booth Purchase Existing Customers
Booth Purchase Existing Customers
Booth Purchase Existing Customers
Booth Purchase Existing Customers
Lead Retrieval Service Existing Customers
Hall Setup Existing Customers
Exhibitor Session Registration Existing Customers
Exhibitor Booth Staffing Registration Existing Customers
Existing Customers
Exhibitor Session Registration Existing Customers
Exhibitor Booth Staffing Registration Existing Customers
Existing Customers
Sponsorship Existing Customers
Sponsorship Existing Customers
Sponsorship Existing Customers
Sponsorship Existing Customers
Exhibitor Special Event Staff
Registration
Exhibitor Special Event Staff
Registration

12. Sponsorship Existing Customers
Sponsorship Existing Customers
Sponsorship Existing Customers
Expo Operations Existing Customers
Expo Operations Existing Customers
Expo Operations Existing Customers
Attendee List Event Participants
Name Badges Event Participants
Name Badges Event Participants
Conference App Existing Customers
Conference App Existing Customers
Prepare Print Materials Existing Customers
Prepare Print Materials Existing Customers
Conference Print Materials Existing Customers
Conference Print Materials Existing Customers
Web Page Design Existing Customers
Web Page Design Existing Customers
Conference Web Page Existing Customers
Conference Web Page Existing Customers
Association Social Media Existing Customers
Association Social Media Existing Customers
Association ePubs Existing Customers
Association ePubs Existing Customers
Website Secure Access Existing Customers

13. Conf App Secure Access Existing Customers
Direct marketing Existing Customers
Direct marketing Existing customers
Direct marketing Existing customers
Direct marketing Existing Customers
Historical Analysis Existing Customers
Historical Analysis Existing Customers
Quote Business Potential Customers
Quote Business Potential Customers
Quote Business Potential Customers
Direct marketing Potential Customers
Direct marketing Potential Customers
Direct marketing Potential Customers
Legal Notices Existing Customers
Legal Notices Existing Customers
Security Notices Existing Customers
Security Notices Existing Customers
Hotel Room Block Commitment Existing Customers
Create Promotional Materials Event Participants
Create Promotional Materials Event Participants
marketing and promotional advertising Event Participants
marketing and promotional advertising Event Participants