| Roles and rights | Who determines purpose, acts on instructions, owns or licenses each data class, and can approve access? | Approved contract terms, data classification and responsibility map |
| Providers and locations | Which organisations and systems process each copy, in which locations, under which transfer route? | Current architecture, provider register, data-flow trace and transfer review |
| Access and support | Which customer, platform and partner roles can access data, and how is exceptional access approved and reviewed? | Authorisation tests, access records, elevation controls and review evidence |
| Retention and deletion | How long does each active, deleted, logged, backed-up or legally held copy remain? | Approved schedule, deletion test, hold procedure and exception register |
| Portability and exit | What can an authorised customer retrieve, in which structure, with what audit context and verification? | Export specification, sample output, completeness test and offboarding runbook |
| AI-assisted processing | Which data may be sent to a model, for what purpose, with what isolation, retention and human approval? | Provider terms, data-flow test, provenance record, limitation notice and opt-in boundary |