Article 30 of the GDPR refers to the records of data processing that a data controller and data processor need to keep. They need to keep these records in order to demonstrate GDPR accountability and their efforts at compliance with the 6 principles of data processing as outlined in the GDPR. The organisation must keep…
***Schrems II update*** In July 2020, the Court of Justice of the European Union ruled that the Privacy Shield adequacy decision for the USA was invalid because of invasive US surveillance programs. You can read more about the background of the case, the decision and the implications here. Recommended further reading: Schrems II: What next…
“Personal Data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject”. ‘Lawfulness, fairness and transparency’ is one of the fundamental data processing principles in Article 5 of the GDPR This means that data controllers must have lawful grounds for processing personal data. They need to specify this in…