Under Article 30 of the GDPR, controllers are required to keep records of all of the following EXCEPT?
Under Article 30 of the GDPR, controllers are required to keep records of all of the following EXCEPT?
Article 30 of the GDPR requires controllers to maintain records of processing activities, which include details such as categories of recipients to whom the data has been disclosed and retention periods for erasure and deletion of categories of personal data. However, incidents of personal data breaches are not included under Article 30. Instead, these breaches are covered under Article 33, which deals with the notification of personal data breaches.
The correct answer is A. Art. 30 is about ROPA, while documenting data breach is in Art. 33 under security of personal data.
The correct answer is B
The answer is A. B is incorrect because data mapping is an organizational security measure which falls under Article 30 (1) g. description of the organizational security measures.
Not in ROPA
Correct answer is A - reporting requirements are addressed in Article 33, not 30 which deals with records of processing