Define a data governance specification for after-hours logs compliant with [Jurisdiction]. Map data elements to lawful bases, classify sensitivity, and set a retention schedule of [RetentionPeriod] with secure destruction. Include DSAR handling within [DataSubjectAccessSLA], roles ([DPOName]), and processor oversight (e.g., [LawFirm] guidance). Address CCTV pairing, biometrics, and cross-border transfers.
Output format:
Data Inventory (table: Field | Purpose | Lawful Basis | Retention | Access Roles)
Retention Schedule & Disposal Workflow (step list)
DSAR Workflow (swimlane text: Requester/Legal/Security/IT)
Risk Assessment (table: Risk | Likelihood | Impact | Mitigation | Residual)
Policy Snippets for Employee Handbook (≤150 words).
Include audit trail requirements for changes to schedules.