A document accessible to your customers, which explains what personal data you process and what you do with that data. For example, if it is shared with third parties.
This is where your organisation records the processing of personal data. It includes the legal basis for processing that personal data and how you secure it. This document demonstrates your compliance with the requirements of the GDPR.
if your organisation engages a third party to process personal data, you must have a processor agreement. This governs the responsibilities involved in the processing of personal data. It includes agreements about, among other things, the purpose and duration of the processing, the way in which the personal data is processed and the people who have access to that data.