On July 25, 2019, the French Data Protection Authority (the “CNIL”) published new template records of data processing activities pursuant to Article 30 of the EU General Data Protection Regulation (“GDPR”). This provision requires organizations subject to the GDPR to maintain internal records of data processing activities. The CNIL recalled that such records are a key accountability tool under the GDPR for identifying, understanding and controlling data processing activities. Setting up and maintaining these records provide businesses with the opportunity to ask the right questions and limit privacy risks under the GDPR. According to the CNIL, this is also a useful moment to set up a data protection compliance action plan.

Continue Reading