Records of Processing Activities (Art. 30 GDPR) in Analogue and Digital Ecosystems
Records of Processing Activities (Art. 30 GDPR) in Analogue and Digital Ecosystems

Summary/Abstract: Records of processing activities or so-called procedure logs often are an important basis to understand data flows and risks. At a first glance art. 30 GDPR makes the impression that records of processing activities are created for documentary reasons to feed supervisory authorities. According to art. 30 IV GDPR records of processing activities have to be presented to authorities on request. Moreover, a procedure log is valuable for an organization to understand, manage and steer data effectively. It is risky not to have an overview about data used by different functions and people, in different entities and cultures, in particular for data exchanged cross over jurisdictions or with third parties. Additionally, the data world is becoming more complex, communication volumes, speed and latency are increased. The internet of things is penetrating all areas of organizations, society and states. Such developments do not only take place internally. Many interfaces connect internal organizational processes, applications or devices with external people, service provider, supplier, customer, consumer or authorities. Machine to machine communication is expanding. This is the digital sphere in parallel to the analogue world many people are still very much used to. To cope with this matrix of analogue and digital ecosystems and means the GDPR requires the use of different instruments such as risk assessments, data protection impact assessments, technical or organizational measures. One of the basics are the records of processing activities.

• Details
• Contents