Maintaining records of processing under the GDPR

Under Article 30 of the GDPR, data controllers and data processors are required to maintain appropriate records of processing activities. According to the article, the records that should be kept include:

  • The categories of processing
  • The contact details for your Data protection officer (if relevant)
  • The contact details for your EU representative (if relevant)

Contact information for a Data protection officer (DPO) or an EU representative may not be applicable to your business. For example, some businesses are exempt from the requirement to appoint a DPO. Learn more about whether you need to appoint a DPO

In the case of an investigation, you may be asked to present this information to the supervisory authority. You should also keep track of any data processors that you have engaged with (such as ScheduleOnce) and ensure that you have the relevant details. You can find our DPO and EU representative details in the ScheduleOnce DPA.

The details should be kept in written form and it is best if they are stored electronically. To ensure compliance, ScheduleOnce requires that you provide and maintain this information in your ScheduleOnce account settings.

To submit or update your GDPR information, navigate to Account -> Settings -> GDPR compliance where you will see a field for each of the required items. 



 

Note: Some of the items may not be required under certain circumstances. For example, if your business is based in the EU, you are not required to have an EU representative.  If you have additional questions about Article 30 of the GDPR contact us for more information.


To learn more about ScheduleOnce's compliance with the GDPR, read our ebook: A practical guide to using ScheduleOnce in a GDPR compliant manner

Rate this article