Article 30 is the part of the GDPR that refers to the record keeping required by every business that processes personal data. All companies must keep records of processing activity, but those companies with more than 250 employees are required to keep very detailed records. For example:
- What personal data you hold
- How it is used
- How long it is stored
- How secure it is
- How and why it is processed
- Who has access to it
- Where it is controlled and where it is processed
- How long it is retained
- How accurate it is
- What permission you have to hold and process it in the ways that you do
- What processes you have to support the rights of data subjects
- And your process for breach detection and response
You are also required to maintain an inventory of personal data against which you assess the impact of a breach upon the data subject.
How We Help
UKGDPR can create a plan for how you can approach this exercise in a way that works for your business. We can help you identify the best outcome in the most cost-effective way, pulling together the information you already have and building on that to create a comprehensive set of Article 30 compliant documentation.
Build a system based on Microsoft Office templates
We can build your documentation base using standard Microsoft Office tools with our custom templates. Suitable for smaller organisations with fewer than 250 people and those processing only small amounts of personal data.
Use Dedicated Compliance System OneTrust
We have successfully implemented OneTrust compliance systems for large organisations to make a central interactive system of record.
Using dedicated compliance software like OneTrust brings a number of benefits, and for large organisations it is essential to organise your workflow, capture risks, and work with third parties.