Use this tracker before rewriting anything. The aim is to update existing documents cleanly, not restart the whole GDPR folder.
| Document | Current version date | Profession-specific update area | Status | Owner |
|---|---|---|---|---|
| Privacy notice | client addresses, access instructions, keys, alarm codes, property notes, before and after photos, recurring visit records, invoices, and messages. | |||
| Client consent form | address and access notes, keys or alarm details, property photos, recurring visit notes, emergency contact details, and marketing consent kept separate. | |||
| Complaints process | Data protection complaint route, 30 day acknowledgement, investigation notes, updates, and outcome response. | |||
| Subject access process | Search locations, identity checks, third-party data review, response log, and deadline ownership. | |||
| Retention schedule | access instructions, key records, property notes, recurring service records, complaints, incidents, invoices, and photo evidence. | |||
| Breach log | Incident details, data involved, people affected, action taken, risk decision, reporting decision, and final outcome. | |||
| Supplier register | Booking, payments, messaging, forms, storage, accounting, website, and any specialist software. |