On October 8, 2018, the Italian Garante per la Protezione dei Dati Personali, the Italian data protection authority, DPA, released instructions on how to maintain a record of processing activities, as well as a sample document compliant with Regulation (EU) no. 679/2016, the General Data Protection Regulation, GDPR.
The record – to be maintained by each controller and controller’s representative – is a document containing the main information relating to the processing activities carried out by a controller, or representative, according to article 30, GDPR.
The duty to maintain the record derives from the accountability principle. It provides an updated picture of the processing carried out by a controller for the purposes of assessing the possible risk. It must be shown to the DPA upon request.
The related press release may be found (in Italian) at https://www.garanteprivacy.it/…
A related list of question is available (in Italian) at https://www.garanteprivacy.it…
Doc. web n. 9084520, Parere su una istanza di accesso civico, dated January 10, 2019, Registro dei provvedimenti n. 2 del 10 gennaio 2019 is available (in Itlaian) at https://www.gpdp.it…
A sample form of the record is available (in Italian) at https://www.garanteprivacy.it… Open PDF
For more information on how privacy to implement privacy policies in your business, contact Francesca Giannoni-Crystal. Thanks to Federica Romanelli.