The Belgian Data Protection Authority (DPA) has published a template for maintaining records of processing under Article 30 of the GDPR. The template incorporates more than is specifically required under Article 30, thus providing the user with an overview that includes additional information that is important in regard to the GDPR. The template is available only in French and Dutch, but we have provided an unofficial translation here.
- The minimum required fields, under Article 30, are in red text.
- The fields “end date processing” and “substitute processing” under the heading “status” may be helpful to organisations wishing to have an overview of the important aspects of past processes, in addition to those that are currently live.
- The template includes 5 tabs:
- Identification is for identifying the organisation and DPO, if applicable.
- Registry is where the details about the various processing activities are filled in. Selecting the “+” above a column will unhide fields related to each column.
- Lists includes sample values to assist in filling in the registry. Selecting the “+” next to a row will unhide fields related to that row.
- Manual Registry explains how to fill in the registry.
- Mapping declaration is used for comparing your registry with your previously completed declaration of processing that was submitted under the EU Data Protection Directive.
As stated by the DPA, the template is not an official document. Your Article 30 records could take another form, so long as the primary purpose of the records (e.g. for meeting Article 30 requirements) is retained.
How OneTrust Helps
Data mapping and inventory are critical components of any privacy program, and the Belgian DPA’s template is excellent guidance. OneTrust incorporates knowledge gained from regulatory guidance such as this, and others, in its suite of product offerings.
OneTrust provides a simple and automated solution for data mapping, designed to address compliance with GDPR Article 30 record keeping requirements and self-certification with Privacy Shield for data transfers. OneTrust Data Mapping helps organisations to visualise the entire data lifecycle, maintain an evergreen data inventory (data processing register), identify gaps, and track recommendations, evidence, and approvals for remediating risk.
