Documentation under the GDPR – the ICO goes on the record

March 13, 2018

Article 30 of the General Data Protection Regulation (GDPR), which comes into force on 25 May 2018, places an obligation upon data controllers and processors to keep internal records of data processing activities. The data protection supervisory authority for the UK, the Information Commissioner’s Office (ICO), has recently published detailed guidance on these record-keeping requirements. The ICO suggests that keeping records of processing will be beneficial to organisations, providing an assurance as to the “quality, completeness and provenance” of personal data as well as helping to develop more effective and streamlined business processes. Record-keeping will also help organisations demonstrate their compliance with the GDPR more generally – part of the principle of accountability which is so important under the GDPR. The key points from the guidance are summarised below. 

Read 'Documentation under the GDPR – the ICO goes on the record'