Flag for language 'English' English

How can we help you?

Dutch Data Protection Authority's recommendations for records of processing activities

  • 11-12-2018

The Dutch Data Protection Authority (DPA) recently published five recommendations for records of processing activities (only available in Dutch). In accordance with European privacy legislation, organisations must (usually) keep records of their processing activities. The DPA issued its recommendations following an exploratory study of thirty large organisations, in which they assessed the quality of the processing records.

Indefinite storage of personal data without justification is not compliant with European privacy legislation. For this reason, the DPA recommends, amongst other things, that organisations state in their processing records how long they intend to store personal data.

The DPA calls its recommendations "concrete". However, it could also be argued that they "state the obvious" and "raise more questions than they answer".

Please read more on this topic in our newsletter.

Related articles

Cookie notice

We care about your privacy. We only use cookies strictly necessary to ensure the proper functioning of our website. You can find more information on cookies and on how we handle your personal data in our Privacy and Cookie Policy.