TrustArc Blog

The Solution to help Meet GDPR Article 30 Requirements

September 06, 2017

TrustArc Data Flow Manager

EU General Data Protection Regulation Article 30

Article 30 pertains to Records of Processing Activities. Not only do organizations have to keep records, and in addition, they have to be able to produce them on-demand.

In order to meet this requirement, an organization should follow these best practices:

  • Create a centralized, secure data inventory that can be maintained over time
  • Provide stakeholders across the organization with visual data maps of business process flows
  • Ensure that all information necessary for the Article 30 reports is recorded so that reports can be generated on-demand
  • Generate a scalable, sustainable process for meeting Article 30 requirements

Visual data maps make it easier for stakeholders across the organization to see how data flows through complex business processes. Unlike an Excel spreadsheet that confines multilinear connections between different data flows to rows and columns, a visual data map makes it easier to follow the data throughout the business process.

When data inventories are kept up to date, generating current reports  will be an easier task. While data maps and data inventories are not required by the GDPR, they provide a great foundation for building the reports necessary to meet GDPR requirements. To gain stakeholder buy in, we suggest highlighting these benefits that a comprehensive data inventory will bring:

Business Unit Focus Benefits to BU & Business
Information

Technology

identifying storage redundancies • Reduce infrastructure complexity

• Cost savings

Information Security understanding what data reside in which systems • Prioritize protection efforts – focus on high risk, high value

• Establish appropriate access controls

• Cost savings

Operations visualizing flows and uses of data throughout the company • Reduce redundancies

• Improve efficiencies

• Cost savings

Procurement identifying points at which the company shares information with third party vendors and understanding the sensitivity of the data being shared • Support risk-based vendor management

• Greater efficiency in contract management

• Cost savings


After creating a data inventory and visual data maps, an organization still has to be able to generate Records of Processing Activities.

Data Flow Manager, part of the TrustArc Privacy Platform can generate an on-demand report of these records, because our privacy experts have purpose built this solution to meet these GDPR requirements.

The solution combines powerful technology with privacy expertise, providing a streamlined way to generate sustainable data inventories and visual representations of data throughout the lifecycle. Data Flow Manager also helps businesses prepare to meet privacy regulations, including the GDPR because it provides Article 30 reports on-demand.

  • Create a sustainable data inventory
  • Visual data maps
  • Article 30 reports on-demand
  • Optional assistance building sustainable processes from TrustArc privacy experts

See the power of TrustArc Data Flow Manager by reserving a time to to speak with one of our privacy experts.

 

Subscribe to Blog