Records of Processing Activities
The GDPR Accountability Principle states that controllers such as Trinity College must be responsible for, and be able to demonstrate compliance with, the requirements and principles of the Regulation. In order to demonstrate accountability, Article 30 GDPR sets out specific requirements for internal records of processing activities.
Trinity College must be able to demonstrate the following:
- What personal data is processed by University
- Why it is processed
- How it was obtained
- The legal (lawful) basis for processing
- Where/ how it is stored (including electronic and paper-based formats)
- Security measures in place to protect the data
- Who can access the data
- How long the data is retained for
All Schools and Business Units should use the data mapping template that has been designed to assist with Article 30 GDPR compliance requirements. For further information on how to complete and submit this template please contact the Trinity College Data Protection Officer.