So it is stated in GDPR that if an organization has to maintain ROPA if
1. it has more than 250 employees
2. It performs processing that is not occasional
We act as both a
1. data processor for customers where we are processing personal data on a daily basis
2. data controller for our own employee data, marketing, and sales data
My question is are we still bound to maintain ROPA?
Assign topic to the user
Article 30 GDPR requires Registers of Processing Activities (ROPA) also if the Controller/Processor processes special categories of data under Article 9 (1).If your organization has employees and Clients the processing is not occasional and you are likely to process also special categories of personal data (i.e., trade union membership, health data, etc.) so you need to maintain ROPA.
If you want to learn how to comply with EU GDPR requirements you may consider enrolling in our free training EU GDPR Foundations course: https://advisera.com/training/eu-gdpr-foundations-course//
If we are storing special categories of data for our own employees only and personal data of customers should we maintain ropa ?
@Simmal Pasha
If we are storing special categories of data for our own employees only and personal data of customers should we maintain ropa ?
And is processing of personal data of employees such as payroll processing is considered " ocassional" ?
If we are storing special categories of data for our own employees only and personal data of customers should we maintain ropa ?
Yes, you should. ROPA is one of the most important accountability instruments that the GDPR offers in case of inspection from the Surveillance Authority.
"And is processing of personal data of employees such as payroll processing is considered " ocassional" ? "
No, it is periodical, so it is not occasional.
The European group of experts who developed the GDPR and gave interpretation on the previous directives, the so-called WP29, stated that a processing activity can only be considered as “occasional” if it is not carried out regularly, and occurs outside the regular course of business or activity of the controller or processor.
Therefore, payroll is not occasional processing.
Comment as guest or Sign in
Apr 22, 2021