Compliance Library Blog Product Sign In
GDPR-30-09 Documentation 30 — Records of processing activities

Controller record must describe technical and organisational security measures

Description

Where possible, the controller's processing record must include a general description of technical and organisational security measures.

Full Analysis & Evidence Requirements

Sign in to view the full obligation text, AI-generated applicability analysis, evidence checklists, and compliance mapping.

Sign In to View

Related Obligations

GDPR-30-01 Documentation

Controller must maintain record of processing activities
GDPR-30-02 Documentation

Controller's representative must maintain record of processing activities
GDPR-30-03 Documentation

Controller record must contain contact details and organizational information
GDPR-30-04 Documentation

Controller record must contain purposes of processing
GDPR-30-05 Documentation

Controller record must describe data subjects and personal data categories
GDPR-30-06 Documentation

Controller record must list recipients of personal data
GDPR-30-07 Documentation

Controller record must document international transfers
GDPR-30-08 Documentation

Controller record must include data retention time limits
GDPR-30-10 Documentation

Processor must maintain record of processing activities
GDPR-30-11 Documentation

Processor's representative must maintain record of processing activities

Map this obligation to your AI systems

ReguLume automatically maps regulatory obligations to your system inventory, identifies compliance gaps, and generates remediation plans.

Get Started

Start your compliance assessment

Map obligations to your AI systems, identify gaps, and generate board-ready reports. Plans start at $149/mo.

Get Started