Record keeping is mandatory in most cases under GDPR, with exemptions for organisations with under 250 employees. These exemptions apply only if your data processing isn’t routine and in most commercial organisations, it is!
The GDPR requires the following record of processing to be kept:
- The details of the Data Controller or Data Processor and any representatives (Data Protection Officer)
- The categories of processing activities performed
- Information involving Cross-Border Data Transfers
- A general description of the security measures in place in respect of the processed data
CaPS will enhance the data inventory/ map with the additional components required to provide a compliant set of processing records.
Contact us for a personalised quotation for a complete record of processing.