In order to demonstrate compliance with the GDPR, the controller or processor must maintain records of processing activities under its responsibility. Each controller and processor should be obliged to cooperate with the supervisory authority and make those records available to it on request, so that they might serve for monitoring those processing operations.
This requirement does not apply to an enterprise or an organisation employing fewer than 250 persons UNLESS:
the processing it carries out is likely to result in a risk to the rights and freedoms of data subjects;
the processing is not occasional; OR
the processing includes special categories of data (sensitive data) or personal data relating to criminal convictions and offences.
However, data protection authorities do encourage ALL organisations to maintain this report as a matter of good governance.
The GDPR compliance app uses your data mapping input to update your records of processing, but you will need to add further details around the security of processing. For this you may need to get assistance from the IT folk. You will also need to provide information if your organisation acts as a processor.
The content herein is provided for your convenience and does not constitute legal advice.
Compliance Technology Solutions B.V. 2018