GDPR compliance checks under way?
Dutch DPA randomly selects 30 businesses for Art 30 checks
The GDPR only passed on 25 May 2018 and the Dutch DPA is now checking to see if businesses are complying with one of the most fundamental ongoing requirements: maintaining your Article 30 Records.
Is this just spin?
Not at all. All controllers and processors must maintain certain records under Article 30 of the GDPR. And supervisory authorities – the data protection authorities – can ask to see them at any time.
Can’t I be a record breaker?
Very unlikely. First, Article 30 Records must be maintained by every controller and processor with 250 or more employees. Second, even if you’re under 250 employees, you still need to maintain them if, for example, your processing is likely to result in a risk to data subjects, is not occasional, or the processing includes special categories. If you’ve a single employee, you’ve got to maintain these records.
So, what do I need to keep track of?
Before GDPR, controllers had to register with their data protection authority and notify the DPA of the categories of personal data they processed, the data subjects, the purposes, and other high-level details on transfers etc. If you printed your notification out, it’d be about a page and a half.
But there was quite a disparity around the EEA in terms of what you had to do, and this is one area that GDPR set out to harmonise. While you still need to register with the UK ICO for example, GDPR does way with that summary notification of your processing activities – you now have to maintain something similar yourself, as your ‘Article 30 Records’.
(They’re called that because the obligation is in Article 30 of the GDPR. And the obligation is now on processors as well as controllers.)
So, do you have yours ready and can you locate them right now? Do they automatically update over time as your activities change?
See how Keepabl’s Privacy-as-a-Service automatically and instantly creates your Article 30 Records as you create your Data Map, and how we update them instantly as soon as you change your details.
It’s one of the ways Keepabl makes GDPR compliance easier.
Related Articles
Blog Case Studies News & Awards
St Giles Trust chooses Keepabl to manage GDPR obligations
St Giles Trust empowers people who are not getting the help they need, using their expertise and real-life past experiences. Between 2019 and 2020, the charity helped over 20,000 people,…
Blog
Google USA takes control
Google’s recently announced that – due to Brexit – it’s changing data controller for UK users from Google Ireland to Google USA. This has led to some alarmist reporting. What’s…
KEEPABL is the trade mark of Keepabl Ltd | Company #: 11043685 | Registered office 86-90 Paul Street, London EC2A 4NE | VAT #: 281 5220 22
Keepabl is a regulatory compliance service provided for information only, not legal advice. Always consult your lawyer on legal matters.
Web Design & Development by MazeSpace Studios Ltd