Article 29, processing under the
authority of the controller or processor. In essence it’s talking about the
people who are doing work within your organization need to know what they’re
doing. You need to have trained them, and you need to be managing them so they’re
doing the right job, in the right way and it can only be processed, the data can
only be processed, in the way that you’ve agreed and following the instructions
you’ve given. Article 30 is talking about the records of processing activities.
This is particularly relevant for larger organizations, or organizations dealing
with special or sensitive data. But you need to keep records of all the
processing you’ve done so that you can help untangle it, if something goes wrong
at some stage. It’s worth remembering that for each bit of processing, you
probably also need to keep the contractual bits about what the
processing is about, what categories of data are included ,what the purpose was, and what
the grounds the legal grounds for the processing was as
well, as part of parcel of your record-keeping in case you one day need
to present it as part of understanding what went wrong.

Author Since: Mar 11, 2019

Related Post