If your company is handling personal data, you are required by the GDPR to keep and maintain an up-to-date record of your data processing activities.
The requirement of documentation applies both to the data controller and data processor. To find out if you are a controller or processor read more.
If you are a controller, you decide why and how personal data is processed. Controllers need to document the following:
If you are a processor for the personal data you process, you need to document the following:
As part of our privacy hub the Openli’s team of Privacy Success Managers will reach out to your data processors to collect all the relevant information you need in order for you to comply with the GDPR. When all available information has been collected from your data processors, the vendor profiles are made available for you to review. This makes it easy to seamlessly create and maintain your record of processing activities in accordance with the GDPR Article 30. You will be able to generate an updated Article 30 report based on your vendor information whenever it is needed and your dedicated Privacy Success Manager will reach out to your vendors every 6 months to ensure that the data is up to date.