On June 14, the Privacy Commission released a Recommendation (source documents in French and in Dutch) providing guidance on the GDPR requirement to maintain records of data processing activities. Among other topics, the Recommendation covers the responsibility of maintaining internal records for both data controllers and data processors, the purpose of the requirement, the content of records of activities, and recipients of such internal records.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.