Once the data audit has been performed and
documented, it is time to assess
how such data is managed by
your organization to make sure that this process fully complies with GDPR.
The result of this analysis should produce a report for each category of data identified in the data audit phase, highlighting the current management policy, together with all measures put in place to protect personal data and allow data subjects to fully excercise their rights.
In the edit page of the data audit, click on the add (+) icon for the field "data management policy". Then, you can insert all details about the data policy. In this case, the data is handled by a web application that stores the data in encrypted form, and allows only specific (authorized) users to access the data.
Please note that in general, for each data management policy, you should specify: