Use this tracker before rewriting anything. The aim is to update existing documents cleanly, not restart the whole GDPR folder.
| Document | Current version date | Profession-specific update area | Status | Owner |
|---|---|---|---|---|
| Privacy notice | client details, appointment notes, access information, documents, images, invoices, payments, and messages. | |||
| Client consent form | client records, appointment notes, files, photos, optional marketing, and service messages kept separate. | |||
| Complaints process | Data protection complaint route, 30 day acknowledgement, investigation notes, updates, and outcome response. | |||
| Subject access process | Search locations, identity checks, third-party data review, response log, and deadline ownership. | |||
| Retention schedule | client details, appointment notes, documents, consent records, complaints, incidents, invoices, and marketing consent. | |||
| Breach log | Incident details, data involved, people affected, action taken, risk decision, reporting decision, and final outcome. | |||
| Supplier register | Booking, payments, messaging, forms, storage, accounting, website, and any specialist software. |