Are you ready for the new records of processing activities requirements?

Under the GDPR, instead of providing notifications to the DPA, organisations will need to maintain their own internal documentation, and update those documents whenever something changes, this is the requirement laid out by Article 30.

A record of processing activities needs to contain a minimum number of elements, spelled out in the Regulation and include the purpose of the processing, categories of data subjects, whether personal data is being transferred, the categories of recipients for all data that will be disclosed, the third-party countries where data will be shared, as well as your retention periods. Finally, you’ll need to include the technical and organisational measures that you have in place to secure the data.

Source: GDPR Article 30: Are you ready for the new records of processing activities requirements?

>