GDPR compliance checks under way?
Dutch DPA randomly selects 30 businesses for Art 30 checks
The GDPR only passed on 25 May 2018 and the Dutch DPA is now checking to see if businesses are complying with one of the most fundamental ongoing requirements: maintaining your Article 30 Records.
Is this just spin?
Not at all. All controllers and processors must maintain certain records under Article 30 of the GDPR. And supervisory authorities – the data protection authorities – can ask to see them at any time.
Can’t I be a record breaker?
Very unlikely. First, Article 30 Records must be maintained by every controller and processor with 250 or more employees. Second, even if you’re under 250 employees, you still need to maintain them if, for example, your processing is likely to result in a risk to data subjects, is not occasional, or the processing includes special categories. If you’ve a single employee, you’ve got to maintain these records.
So, what do I need to keep track of?
Before GDPR, controllers had to register with their data protection authority and notify the DPA of the categories of personal data they processed, the data subjects, the purposes, and other high-level details on transfers etc. If you printed your notification out, it’d be about a page and a half.
But there was quite a disparity around the EEA in terms of what you had to do, and this is one area that GDPR set out to harmonise. While you still need to register with the UK ICO for example, GDPR does way with that summary notification of your processing activities – you now have to maintain something similar yourself, as your ‘Article 30 Records’.
(They’re called that because the obligation is in Article 30 of the GDPR. And the obligation is now on processors as well as controllers.)
So, do you have yours ready and can you locate them right now? Do they automatically update over time as your activities change?
See how Keepabl’s Privacy-as-a-Service automatically and instantly creates your Article 30 Records as you create your Data Map, and how we update them instantly as soon as you change your details.
It’s one of the ways Keepabl makes GDPR compliance easier.
Related Articles
Blog
Keepabl's 2nd birthday!
Keepabl turns 2 on 2nd November 2019! Amazing to think we’ll be 2 years old tomorrow – the years have disappeared almost as quickly as this cake! It’s a great time…
Blog
Know your Sub-Processors from your Joint Controllers with powerful Entities Registers
Spot check! Within 30 seconds, can you show us a list of all the entities involved in your organisation’s personal data processing, plus have them separated out by role, and…
KEEPABL is the trade mark of Keepabl Ltd | Company #: 11043685 | Registered office 86-90 Paul Street, London EC2A 4NE | VAT #: 281 5220 22
Keepabl is a regulatory compliance service provided for information only, not legal advice. Always consult your lawyer on legal matters.
Web Design & Development by MazeSpace Studios Ltd