There are some similarities between documenting your processing activities under the GDPR and the information you had to provide when registering with the ICO under the Data Protection Act 1998 (the 1998 Act). A key difference is that you no longer need to proactively provide this information to the ICO as part of an annual registration process. However, you may have to make it available to the ICO on request; for example, for an investigation. You do this by (i) carrying out an Information Audit and (b) collating this information in an Information Asset Register.
You can use your existing register entry for the 1998 Act as a basis from which to create your record of processing activities. You may wish to do an information audit to get a more comprehensive view of the types of personal data you hold and what you do with it. Your processing activities must be documented in writing
