Use this tracker before rewriting anything. The aim is to update existing documents cleanly, not restart the whole GDPR folder.
| Document | Current version date | Profession-specific update area | Status | Owner |
|---|---|---|---|---|
| Privacy notice | client and site addresses, vehicle or property records, access instructions, diagnostic notes, job photos, parts and warranty records, invoices, payment details, and messages. | |||
| Client consent form | property or vehicle details, access notes, diagnostic photos, job evidence, warranty records, payment details, and marketing consent kept separate. | |||
| Complaints process | Data protection complaint route, 30 day acknowledgement, investigation notes, updates, and outcome response. | |||
| Subject access process | Search locations, identity checks, third-party data review, response log, and deadline ownership. | |||
| Retention schedule | job notes, diagnostic records, photos, parts and warranty evidence, invoices, complaints, incidents, and supplier records. | |||
| Breach log | Incident details, data involved, people affected, action taken, risk decision, reporting decision, and final outcome. | |||
| Supplier register | Booking, payments, messaging, forms, storage, accounting, website, and any specialist software. |