Record keeping, or a Record of Processing, is mandatory for all organisations under GDPR. There are some exemptions for organisations with under 250 employees in that they do not need to have comprehensive records of processing, but there still needs to be a record.
The GDPR requires the following record of processing to be kept:
- The details of the Data Controller or Data Processor and any representatives (Data Protection Officer)
- The categories of processing activities performed
- Information involving Cross-Border Data Transfers
- A general description of the security measures in place in respect of the processed data
CaPS can develop a record of processing and data inventory which is compliant with the GDPR requirement.
Contact us for a personalised quotation for a complete record of processing.