What is Article 30 of the GDPR?

What is Article 30?

Article 30 requires organisations that non-occasionally process personal data to maintain records of processing activities.  The records should include information such as the purpose of processing, lawful basis, categories of personal data processed, recipients of personal data, information on transfers, security measures, etc. 

This requirement applies both to controllers and processors, while requirements for the contents of the records are slightly different. You can read more in our article Records of processing activities in GDPR Article 30

Latest Blog Posts