Use this tracker before rewriting anything. The aim is to update existing documents cleanly, not restart the whole GDPR folder.
| Document | Current version date | Profession-specific update area | Status | Owner |
|---|---|---|---|---|
| Privacy notice | special category health information, clinical or treatment notes, home visit access details, appointment records, images, referral notes, invoices, and communication records. | |||
| Client consent form | treatment records, relevant health information, clinical images where needed, referral communication, emergency contact details, and marketing consent kept separate. | |||
| Complaints process | Data protection complaint route, 30 day acknowledgement, investigation notes, updates, and outcome response. | |||
| Subject access process | Search locations, identity checks, third-party data review, response log, and deadline ownership. | |||
| Retention schedule | clinical or treatment notes, consent records, referral correspondence, complaints, incidents, invoices, and insurance-related evidence. | |||
| Breach log | Incident details, data involved, people affected, action taken, risk decision, reporting decision, and final outcome. | |||
| Supplier register | Booking, payments, messaging, forms, storage, accounting, website, and any specialist software. |