It's no secret that the EU General Data Protection Regulation introduces a slew of new obligations — from consent management to data subject access rights. "One of the more labor-intensive obligations is the Article 30 requirement for processors and controllers of personal data to keep records of processing activity," points out Dimitri Sirota, CEO and co-founder of BigID. Though organizations can go to stakeholders to find out more about their data-processing activities, Sirota writes, "Unfortunately, people are not perfect in their recollection of where they put their car keys, let alone where they put their data." In this post for Privacy Tech, Sirota contends that organizations should rely on technology to reach compliance with the Article 30 record-keeping obligations, rather than just on human input.
If you want to comment on this post, you need to login.