Register of Processing activities, yes, it’s a huge asset for your company
As you most likely already know, on May 25th 2018, the General Data Protection Regulation (GDPR) came into force. You may also know by now that this EU regulation is here and here to stay. The GDPR lays down new rules on how data must be protected, how the processing of personal data must be transparent and more. As recent as last week, the Dutch ‘Autoriteit Persoonsgegevens’ issued a fine of €600.000 to Uber for not disclosing their personal data leak in an appropriate timeframe.
Amongst other requirements the GDPR obligates written documentation and overview of procedures by which personal data are processed. This obligation to create records of processing activities, the so-called: “Register of Processing activities” is not only imposed on the controller and their representative, but also directly on the processor and their representatives. The Register of Processing activities must include significant information about data processing, including data categories, the group of data subjects, the purpose of the processing and the data recipients. To many companies this obligation is seen as a nuisance and an added administrative burden …