Does the GDPR Require a Personal Data Inventory? Answer: No
View the Recording >>>
View the Recording below
Many privacy officers seem to be under the impression that Article 30 of the General Data Protection Regulation (GDPR) on records of processing activities creates a legal obligation for a data inventory or data mapping. This is not the case. The GDPR replaces current legal obligations that require you to notify and register your processing activities with local DPAs. Under the GDPR you are no longer required to make such notifications but rather are required to maintain a record of all your organisation’s processing activities internally and to make it available to supervisory authorities upon request. So, just like you had an external register, you now need an on-demand internal record.
This webinar starts with a look at the Supervisor Authority perspective and the rationale behind the creation of Article 30. Then, the webinar will discuss how to incent the business to maintain a processing-based inventory that when used in the EU will turn GDPR article 30 reporting into an outcome. Plus, learn the power of focusing on purposes of data processing and hear from one company who has implemented this approach in practice to understand how it betters aligns with business operations and practices and is much easier to scale, update and maintain. Hear also about local Article 30 GDPR guidance, including the Article 30 template guide recently released by the French data protection authority (CNIL), further highlighting that the intention behind the GDPR records of processing requirement.
At the end of the webinar, learn how Nymity created an innovative approach to Article 30 compliance as we spend a few minutes to introduce a software solution that makes Article 30 GDPR compliance the responsibility of the business, with support and oversight coming from the Privacy Office/DPO. It is called Nymity SmartPIA™.
Fill out our form to access our on-demand recording.
Paul Breitbarth, Nymity Director of EU Certification Research and Senior Solutions Advisor and former
Senior International Officer, Dutch DPA
David Smith, Nymity EU Research Advisor and former Deputy Commissioner and Director of Data
Protection Information Commissioners Office, UK
Oran Kiazim, Vice President, Global Privacy at Sterling Talent Solutions
Anne Fontanille, Privacy Counsel, Data Protection Officers Department, CNIL
Many privacy officers seem to be under the impression Article 30 of the General Data Protection Regulation (GDPR) on records of processing activities, creates a legal obligation for traditional data inventory or data mapping exercise. This is not the case.
The Next Generation in Accountability Based Privacy Impact Assessments (PIA/DPIA). Learn more
Enables the rapid deployment of expert accountability mechanisms and helps ensure ongoing compliance without restricting business. Find out more with the Nymity Templates™ – GDPR Add-on.
See How Nymity Can Help