Under Article 30 of the GDPR, data controllers and data processors are required to maintain appropriate records of processing activities. According to the article, the records that should be kept include:
- The purpose of processing
- A description of the categories of personal data being processed
- A description of the categories of data subjects whose data is being processed
- The contact details for your Data protection officer (if relevant)
- The contact details for your EU representative (if relevant)
Contact information for a Data protection officer (DPO) or an EU representative may not be applicable to your business. For example, some businesses are exempt from the requirement to appoint a DPO. Learn more about whether you need to appoint a DPO.
In the case of an investigation, you may be asked to present this information to the supervisory authority. You should also keep track of any data processors that you have engaged with (such as OnceHub) and ensure that you have the relevant details. You can find our DPO and EU representative details in the OnceHub DPA.
The details should be kept in written form and it is best if they are stored electronically. To ensure compliance, OnceHub requires that you provide and maintain this information in your OnceHub account settings.
Providing OnceHub with records of your processing activities
- In the top navigation menu, select the gear icon → Compliance.
- Scroll down and fill out the section Your use of personal data (Figure 1).
You’re all set! You have now provided OnceHub with a record of your processing activities.
NoteSome of the items may not be required under certain circumstances. For example, if your business is based in the EU, you are not required to have an EU representative. If you have additional questions about Article 30 of the GDPR, contact us for more information.
To learn more about OnceHub's compliance with the GDPR, read our ebook: A practical guide to using OnceHub in a GDPR compliant manner