Data Mapping GDPR
Under Article 30 of the GDPR, data controllers and processors are required to keep Records of Processing Activities (RoPAs), including the purpose, description of the categories of data subjects, whether personal data was transferred to a third party, and details of any data safeguards that are in place
HewardMills supports its clients with data mapping and keeping RoPAs. Organisations with 250 or more employees must document all their processing activities, while those that employ fewer than 250 people need only document processing activities that:
- Are not occasional (eg, are more than just a one-off occurrence or something you do rarely);
- Are likely to result in a risk to the rights and freedoms of individuals (e.g, something that might be intrusive or adversely affect individuals); or
- Involve “special category data” or “criminal conviction and offence data” (as defined by Articles 9 and 10 of the GDPR).
HewardMills helps its clients comply with data protection regulations, including the GDPR, ePrivacy Directive, local legislation (for multijurisdictional organisations) and cybersecurity laws, as well as with legal and regulatory requirements arising from emerging technologies such as blockchain.
We are a multidisciplinary team of data protection practitioners, lawyers, corporate governance specialists and cybersecurity experts with a wealth of knowledge, delivering data protection excellence to your organisation.
If you would like to learn more about how HewardMills can help your organisation handle and process data safely, securely and responsibly in line with international regulations and policies, please get in touch via telephone (+44 20 3998 1840 or +353 1669 4642), or email firstname.lastname@example.org today.