Records of processing activities (Reporting)
If one of the following four criteria are met, organizations are required to keep a number of additional information based on whether they are a processor or controller of personal information.
If an organization:
- has 250 employees or more
- processes personal data that may infringe upon a persons rights and freedoms
- processes personal data on a frequent basis (not occasionally)
- uses specific data processing categories in Article 9(1) related to criminal convictions or offences as stated in Article 10
A large number of organizations have more than 250 employees and need to comply with Article 30. Depending on whether you are considered a processor or controller determines what additional information is required to be maintained. In either case descriptions of technical safeguards and how information is used or transferred are required.
Manual: Custom reports or export ready dashboards