Mar 012018
 March 1, 2018  Posted by  Non-U.S.

Daniel Felz writes:

In just under 100 days, the EU General Data Protection Regulation (GDPR) enters into force. One of the major changes the GDPR introduces is a duty for in-scope controllers and processors to maintain written records of their processing activities.  Under Article 30 GDPR, companies will need to inventory all “processing activities under [their] responsibility” and memorialize them in a written record setting forth, inter alia, the purposes of processing operations, international transfers, and retention periods.

Article 30 GDPR thus creates a new kind of documentation obligation.  This obligation is not just new for US companies – to date, most EU states have not mandated that companies maintain internal records of how they process personal data.

Read more on Alston & Bird Privacy & Data Security Blog.

Sorry, the comment form is closed at this time.