You can use this form to provide instructions to GDP Armour so that we can add a new data asset to your organisation’s Information Asset Registry.

Please answer the questions to the best of your knowledge, but don’t worry if you can’t answer accurately or need advice and assistance to do so; we can deal with any snagging issues later.

Note: this will be the name it is commonly referred to within the organisation. It may be a computer system, or a manual file.
Note: these will usually be contractors, suppliers or business partners.
Click or drag a file to this area to upload.

Privacy Notice
Some of the data we collect as part of this questionnaire will constitute personal data and as such falls under the General Data Protection Regulation. For the purposes of this fact-finding process, the data we collect is controlled by GDP Armour (the Data Controller). We will only process this information for the purpose of completing our audit process and to provide advice to our Clients on the categories of data they hold, the purposes for the data being collected, how data flows through their organisation, which categories of employees or workers have access and how data is stored and kept secure. These purposes are justified under Article 6(1, f) of the GDPR: they are necessary for our legitimate interests, namely that we produce a comprehensive study of data flows in the course of advising our clients. The data we collect as part of this form will be stored and processed only for as long as it takes to produce a report for our client, which we call an Information Asset Register. No part of this report contains personal information. Data is stored with our secure cloud hosts, on secure servers in Europe, and in Europe and the US. We also store data on company IT systems which are encrypted and password protected. If the purpose for processing any part of this data changes we will notify you in writing. Under the GDPR data subjects are entitled to certain rights, including the right to erasure, objection, rectification, restriction and to access the data we hold about you. We will not interfere with these rights unless we have a legal basis for doing so. All subject access requests should be directed to our chief data officer, David Charity, at, and will be completed within one month. You also have the right to lodge a complaint with the Information Commissioner’s Office – please visit for more information.