The Belgian Data Protection Authority (DPA) has published a template for maintaining records of processing under Article 30 of the GDPR. The template incorporates more than is specifically required under Article 30, thus providing the user with an overview that includes additional information that is important in regard to the GDPR. The template is available only in French and Dutch, but we have provided an unofficial translation here.
As stated by the DPA, the template is not an official document. Your Article 30 records could take another form, so long as the primary purpose of the records (e.g. for meeting Article 30 requirements) is retained.
How OneTrust Helps
Data mapping and inventory are critical components of any privacy program, and the Belgian DPA’s template is excellent guidance. OneTrust incorporates knowledge gained from regulatory guidance such as this, and others, in its suite of product offerings.
OneTrust provides a simple and automated solution for data mapping, designed to address compliance with GDPR Article 30 record keeping requirements and self-certification with Privacy Shield for data transfers. OneTrust Data Mapping helps organisations to visualise the entire data lifecycle, maintain an evergreen data inventory (data processing register), identify gaps, and track recommendations, evidence, and approvals for remediating risk.