Kent Fire and Rescue Service
Data Protection and Information Security Policy

35. Written records of processing activities must be kept within the Authority inventory of data processing and should include:

• the name and details of the service unit carrying out the processing
• the purposes of the processing
• the lawful basis for the processing
• a description of the categories of individuals and categories of personal data
• whether personal information of children is being processed
• details of the recipients of personal information
• where relevant, details of transfers to countries outside of the European Economic Area or to international organisations, including documentation of the transfer mechanism safeguards in place
• retention schedules
• a description of technical and organisational security measures in place.

36. As part of The Authority’s record of processing activities the Data Protection Officer will document, or link to documentation, on: 

• information required for privacy notices
• records of consent
• controller-processor contracts
• the location of personal information
• data protection impact assessments and 
• records of data breaches.

37. Records of processing of special category personal information are kept on:

• the relevant purposes for which the processing takes place, including why it is necessary for that purpose
• the lawful basis for our processing and
• whether the personal information is retained or erased in accordance with The Authority’s Publication and Retention Scheme and, if not, the reasons why.

38. This information is available in the detailed Publication and Retention Scheme retention scheme, 
available on the intranet to all staff. A version is also published on the Authority’s website.