GDPR compliance checks under way?

Dutch DPA randomly selects 30 businesses for Art 30 checks

The GDPR only passed on 25 May 2018 and the Dutch DPA is now checking to see if businesses are complying with one of the most fundamental ongoing requirements: maintaining your Article 30 Records.

Is this just spin?

Not at all.  All controllers and processors must maintain certain records under Article 30 of the GDPR.  And supervisory authorities – the data protection authorities – can ask to see them at any time.

Can’t I be a record breaker?

Very unlikely.  First, Article 30 Records must be maintained by every controller and processor with 250 or more employees.  Second, even if you’re under 250 employees, you still need to maintain them if, for example, your processing is likely to result in a risk to data subjects, is not occasional, or the processing includes special categories.  If you’ve a single employee, you’ve got to maintain these records.

So, what do I need to keep track of?

Before GDPR, controllers had to register with their data protection authority and notify the DPA of the categories of personal data they processed, the data subjects, the purposes, and other high-level details on transfers etc.  If you printed your notification out, it’d be about a page and a half.

But there was quite a disparity around the EEA in terms of what you had to do, and this is one area that GDPR set out to harmonise.  While you still need to register with the UK ICO for example, GDPR does way with that summary notification of your processing activities – you now have to maintain something similar yourself, as your ‘Article 30 Records’.

(They’re called that because the obligation is in Article 30 of the GDPR.  And the obligation is now on processors as well as controllers.)

So, do you have yours ready and can you locate them right now?  Do they automatically update over time as your activities change?

See how Keepabl’s Privacy-as-a-Service automatically and instantly creates your Article 30 Records as you create your Data Map, and how we update them instantly as soon as you change your details.

It’s one of the ways Keepabl makes GDPR compliance easier.

Arrange your demo today!

Related Articles

GDPR's 2nd anniversary

GDPR’s just turned 2 – here’s our overview 25 May 2020 went past with a whisper compared to 25 May 2018.  GDPR entered the ‘terrible two’s at a time when…

Read More
GDPR's global business impact, Brexit and our founder's story

Watch the video on Privacy Kitchen! We’re very grateful to Copenhagen Business School for the opportunity to share this excellent interview by their Associate Professor, Pedro Telles, for CBS’s students. …

Read More