Project Description

2 days
By Nicola Whiting - Senior Data Protection Compliance Specialist

Record-keeping and reporting

Record-keeping and reporting obligations

Under data protection law entities have certain record-keeping obligations.

You MUST maintain:

  • a record of personal data breaches
  • contracts with processors
  • details of arrangements with joint controllers
  • a record of processing activities (or ROPA for short - see below) in many cases and good practice in all cases
  • a register entry with the Information Commissioner (unless exempt)

and you SHOULD maintain:

  • data protection policies and procedures in respect of the technical and organisational measures implemented where proportionate to the processing.

Data protection law also places certain reporting obligations on entities:

• report personal data breaches to the Information Commissioner unless it is unlikely that there will be any risk caused to the affected individuals (not the business) by that personal data breach.

A ROPA is the core document associated with data protection compliance. It sets out what information you have, why, where it is, what you do with it. It is also the source of information necessary to create your privacy notice, determine appropriate security measures, manage personal data breaches and assist in demonstrating your accountability.

Get in touch to discuss how we can help you with data protection compliance, or pop in for a chat at our offices at 16 Peel Road, Douglas on Monday 29 January between 10:30 - 12:00.

Download our handy flyer!

2 days to go

Keep up to date with the latest news from Rowany and hear about our projects, performance and people.

Sign up to our newsletter to keep informed

Newsletter Signup