GDPR compliance checks under way?
Dutch DPA randomly selects 30 businesses for Art 30 checks
The GDPR only passed on 25 May 2018 and the Dutch DPA is now checking to see if businesses are complying with one of the most fundamental ongoing requirements: maintaining your Article 30 Records.
Is this just spin?
Not at all. All controllers and processors must maintain certain records under Article 30 of the GDPR. And supervisory authorities – the data protection authorities – can ask to see them at any time.
Can’t I be a record breaker?
Very unlikely. First, Article 30 Records must be maintained by every controller and processor with 250 or more employees. Second, even if you’re under 250 employees, you still need to maintain them if, for example, your processing is likely to result in a risk to data subjects, is not occasional, or the processing includes special categories. If you’ve a single employee, you’ve got to maintain these records.
So, what do I need to keep track of?
Before GDPR, controllers had to register with their data protection authority and notify the DPA of the categories of personal data they processed, the data subjects, the purposes, and other high-level details on transfers etc. If you printed your notification out, it’d be about a page and a half.
But there was quite a disparity around the EEA in terms of what you had to do, and this is one area that GDPR set out to harmonise. While you still need to register with the UK ICO for example, GDPR does way with that summary notification of your processing activities – you now have to maintain something similar yourself, as your ‘Article 30 Records’.
(They’re called that because the obligation is in Article 30 of the GDPR. And the obligation is now on processors as well as controllers.)
So, do you have yours ready and can you locate them right now? Do they automatically update over time as your activities change?
See how Keepabl’s Privacy-as-a-Service automatically and instantly creates your Article 30 Records as you create your Data Map, and how we update them instantly as soon as you change your details.
It’s one of the ways Keepabl makes GDPR compliance easier.
Related Articles
Blog Downloads
UK GDPR Brexit Reforms & Accountability
The UK government claims that the reforms in the draft UK Data Protection and Digital Information Bill, published by the government on 18 July 2022, will reduce ‘the burdens on…
Blog
GDPR is 3 years old today!
Well, that was a year! The thing with GDPR, is that it’s always so intense that you have to live in the moment, and it’s too easy to forget what…
KEEPABL is the trade mark of Keepabl Ltd | Company #: 11043685 | Registered office 86-90 Paul Street, London EC2A 4NE | VAT #: 281 5220 22
Keepabl is a regulatory compliance service provided for information only, not legal advice. Always consult your lawyer on legal matters.
Web Design & Development by MazeSpace Studios Ltd