EU General Data Protection Regulation Article 30
Article 30 pertains to Records of Processing Activities. Not only do organisations have to keep records, and in addition, they have to be able to produce them on-demand.
In order to meet this requirement, an organisation should follow these best practices:
- Create a centralised, secure data inventory that can be maintained over time
- Provide stakeholders across the organisation with visual data maps of business process flows
- Ensure that all information necessary for the Article 30 reports is recorded so that reports can be generated on-demand
- Generate a scalable, sustainable process for meeting Article 30 requirements
Visual data maps make it easier for stakeholders across the organisation to see how data flows through complex business processes. Unlike an Excel spreadsheet that confines multilinear connections between different data flows to rows and columns, a visual data map makes it easier to follow the data throughout the business process.
When data inventories are kept up to date, generating current reports will be an easier task. While data maps and data inventories are not required by the GDPR, they provide a great foundation for building the reports necessary to meet GDPR requirements. To gain stakeholder buy in, we suggest highlighting these benefits that a comprehensive data inventory will bring:
|Business Unit||Focus||Benefits to BU & Business|
|InformationTechnology||identifying storage redundancies||• Reduce infrastructure complexity• Cost savings|
|Information Security||understanding what data reside in which systems||• Prioritize protection efforts – focus on high risk, high value• Establish appropriate access controls|
• Cost savings
|Operations||visualizing flows and uses of data throughout the company||• Reduce redundancies• Improve efficiencies|
• Cost savings
|Procurement||identifying points at which the company shares information with third party vendors and understanding the sensitivity of the data being shared||• Support risk-based vendor management• Greater efficiency in contract management|
• Cost savings
After creating a data inventory and visual data maps, an organisation still has to be able to generate Records of Processing Activities.
Data Flow Manager, part of the SCS Privacy Platform can generate an on-demand report of these records, because our privacy experts have purpose built this solution to meet these GDPR requirements.
The solution combines powerful technology with privacy expertise, providing a streamlined way to generate sustainable data inventories and visual representations of data throughout the lifecycle. Data Flow Manager also helps businesses prepare to meet privacy regulations, including the GDPR because it provides Article 30 reports on-demand.
- Create a sustainable data inventory
- Visual data maps
- Article 30 reports on-demand
- Optional assistance building sustainable processes from SCS privacy experts
See the power of SCS Data Flow Manager by arranging to speak with one of our privacy experts.