EM Law are experts in helping clients create a record of processing activities. Our lead data protection lawyer is Neil Williamson who has extensive experience in advising clients on a wide range of data protection matters.
On 25 May 2018 the General Data Protection Regulation (GDPR) came into force. The GDPR ushered in a number of changes to data protection, including new requirements for organisations to deal with.
One of the new core requirements of the GDPR is to know and to document the personal data that an organisation uses, what it is used for, where it is stored, where it flows from and to, and how it is protected. This is summarised in Article 30 of the GDPR, which requires organisations to establish and maintain a record of processing activities.
What is a record of processing activities?
A record of processing activities is a critical document for any organisation that processes personal data in the EU. Controllers must document all the applicable information under Article 30(1) and processors must document all the applicable information under Article 30(2). Such information includes the purposes of the processing, a description of technical and organisational security measures and, where applicable, details of personal data transfers to third countries. The record of processing activities must be kept in writing but can be in paper or in electronic form. Electronic form may be more beneficial, allowing organisations to update and amend the document as necessary. Your record of processing activities must be made available on demand to applicable data protection authorities. In the UK, this is the Information Commissioner’s Office (ICO).
Why do I need a record of processing activities?
You need to keep a record of processing activities in order to comply with the GDPR. If you do not keep correct data processing records then you could be ordered to pay a large fine.
Do all organisations need to document their processing activities?
Organisations with 250 or more employees must document all of their processing activities. Organisations with less than 250 people only need to process activities that:
• are not occasional (i.e. are more than just a one-off occurrence); or
• are likely to result in a risk to the rights and freedoms of individual; or
• involve special category data or criminal conviction and offence data, as defined by Articles 9 and 10 of the GDPR.
Even if you don’t technically need to keep a record of processing activities, it is good practice to do so. Keeping a record of processing activities will assist you with your other GDPR obligations further down the line.
If you are looking for assistance with a record of processing activities or want advice on GDPR more generally contact Neil Williamson.
"Neil and his team have undertaken several items of legal work covering contracts, agreements and share option schemes for IMC Worldwide... View More Testimonials"
Gavin English MD IMC Worldwide Ltd
"Neil at EM Law advised us with regards to GDPR. He was thoughtful and thorough.... View More Testimonials"
COO of a Strategic Communications Agency
"I want to thank Neil at Emerging Law for his support and guidance whilst I have been setting up my own business. He has talked me through the step by step stages and legalities involved so that I can make informed decisions about my business approach... View More Testimonials"
Ayshen Ali founder Attainers Limited
"I felt incredibly fortunate to have come across Imogen. She was fantastic at helping at every juncture... View More Testimonials"
SM, Recruitment Manager
"Neil and Lauren were both very helpful in drafting contracts I needed for my firm... View More Testimonials"
Alex Mosley, Director Perrygate Property Limited
"Neil and Helen provided us with an employment contract and terms and conditions of business. We found Neil and Helen to be extremely informative and helpful throughout the process... View More Testimonials"
Grant Lambert MD Honor Search (Digital Recruitment)
"Neil Williamson, I cannot thank enough for his work and legal advice, which had brought the great result.... View More Testimonials"
"Neil was brilliant, patient and thorough guiding me through queries setting up my business to be compliant.... View More Testimonials"
Kate York, Photographer
"Neil and I worked alongside each other for several years securing software business overseas for Crown Agents... View More Testimonials"
Nick Small Director Nick Small Consulting
"What can I say about Imogen? She was the shining star in what was a very difficult time for me.... View More Testimonials"
VR, Nutritional Chef and Culinary Manager
"Imogen....has a very personable approach and is succinct in her communication. I would highly recommend her... View More Testimonials"
KE, Development Manager
"Imogen has always given me sound, objective and carefully considered legal advice.... View More Testimonials"
MB, Senior Sponsorship Manager
"Thank you for all your help with the matters regarding my company, you have been thorough in all aspects to the finer detail... View More Testimonials"
John Taylor Director Glo-bell London Ltd
"Neil is able to address complex issues, give us advice that we can follow and come up with creative solutions... View More Testimonials"
Ismet Yucetas CEO Middle East Air Drilling Services
"Imogen is a fantastic employment lawyer. Clear, supportive and very skilled in her area.... View More Testimonials"
LC, Director at a Management Consultancy
"Neil helped us structure, negotiate and put in place our first client software-as-a-service contracts. His technical and commercial advice was invaluable - he understands exactly where we are coming from... View More Testimonials"
Lena Rosenior CEO De Graft Management Ltd
"Cardno has worked closely with EM Law since 2013. The advice and support provided to our business by EM Law has been of a high quality, relevant to our requirements and more importantly helped us to make the appropriate decisions that have contributed to the success of our business... View More Testimonials"
George Mukkath Managing Director Cardno Emerging Markets (UK) Ltd
"We have been working with Neil for many years now, more recently on a retained basis because he has become someone we trust and who understands our business requirements. ... View More Testimonials"
Rupert Wood CEO Wasteland Ski Ltd
"We have worked with Neil and his colleagues on a number of different company issues including business acquisitions, client contract and employment matters... View More Testimonials"
Dave Dadds CEO DRD Communications Ltd
"Starting a new venture, within a new country......I needed someone who could understand the complexities and culture of the venture...... View More Testimonials"
Maren Koros CEO Afyacore
"EM Law have supported Anexsys with a number of legal issues, ranging from drafting complex IT contracts to developing conflict policies and advising on a range of complex multi-jurisdiction legal issues... View More Testimonials"
Rob Crowley MD Anexsys Ltd
Can We Help You?
We are here to help with any of your questions.
Just click "Yes" below.
Please enter your question below
Please enter your name and email address so than we can send you a response
Thank you for sending us your question. We will contact you shortly to discuss this.
Sorry, there is a technical issue. Please contact us by telephone: 0203 637 6374