Does the GDPR Require a Personal Data Inventory? Answer: No

GDPR Compliance Webinar Series 2017

Many privacy officers seem to be under the impression that Article 30 of the General Data Protection Regulation (GDPR) on records of processing activities creates a legal obligation for a data inventory or data mapping. This is not the case. The GDPR replaces current legal obligations that require you to notify and register your processing activities with local DPAs. Under the GDPR you are no longer required to make such notifications but rather are required to maintain a record of all your organisation’s processing activities internally and to make it available to supervisory authorities upon request. So, just like you had an external register, you now need an on-demand internal record.

This webinar starts with a look at the Supervisor Authority perspective and the rationale behind the creation of Article 30. Then, the webinar will discuss how to incent the business to maintain a processing-based inventory that when used in the EU will turn GDPR article 30 reporting into an outcome. Plus, learn the power of focusing on purposes of data processing and hear from one company who has implemented this approach in practice to understand how it betters aligns with business operations and practices and is much easier to scale, update and maintain. Hear also about local Article 30 GDPR guidance, including the Article 30 template guide recently released by the French data protection authority (CNIL), further highlighting that the intention behind the GDPR records of processing requirement.

At the end of the webinar, learn how Nymity created an innovative approach to Article 30 compliance as we spend a few minutes to introduce a software solution that makes Article 30 GDPR compliance the responsibility of the business, with support and oversight coming from the Privacy Office/DPO. It is called Nymity ExpertPIA™.

SPEAKERS

Paul Breitbarth
Director of EU Certification Research and Senior Solutions Advisor and former Senior International Officer, Dutch DPA, Nymity, Netherlands 

David Smith
Nymity EU Research Advisor and former Deputy Commissioner and Director
of Data Protection Information Commissioners Office, UK

Oran Kiazim
Vice President, Global Privacy at Sterling Talent Solutions

Anne Fontanille
Privacy Counsel, Data Protection Officers Department, CNIL


GDPR Webinar Series 2017 / View all webinars

VIEW ON-DEMAND RECORDING