Why documentation is essential
Under the GDPR accountability principle (Art. 5(2)), organizations must not only comply with GDPR but be able to demonstrate compliance. Training is one of the clearest examples: it is not sufficient to have conducted training — you must be able to prove it, particularly if a supervisory authority opens an inquiry or a data breach occurs.
What we provide
- Signed participation lists: Date, trainer, content covered, and participant signatures
- Certificates of completion: Individual certificates for each participant
- Training content summary: A written record of what was covered, usable as evidence
- Training history overview: A log of all completed training sessions, suitable for inclusion in your Records of Processing Activities (RoPA)
Integration with your compliance documentation
Training documentation integrates with your broader GDPR documentation set. We can provide training records in formats compatible with your document management system, and reference them within your Records of Processing Activities (RoPA) and your compliance audit trail.
Recommended training frequency
Supervisory authorities generally expect annual data protection training for all employees who process personal data as part of their role. New employees should receive training during onboarding — ideally before they begin processing personal data. After significant incidents or regulatory changes, additional targeted training may be appropriate.