Compliance Library Blog Product Sign In
GDPR-30-17 Reporting 30 — Records of processing activities

Records must be made available to supervisory authority on request

Description

Controllers, processors, and their representatives must make processing activity records available to the supervisory authority upon request.

Full Analysis & Evidence Requirements

Sign in to view the full obligation text, AI-generated applicability analysis, evidence checklists, and compliance mapping.

Sign In to View

Related Obligations

GDPR-30-01 Documentation

Controller must maintain record of processing activities
GDPR-30-02 Documentation

Controller's representative must maintain record of processing activities
GDPR-30-03 Documentation

Controller record must contain contact details and organizational information
GDPR-30-04 Documentation

Controller record must contain purposes of processing
GDPR-30-05 Documentation

Controller record must describe data subjects and personal data categories
GDPR-30-06 Documentation

Controller record must list recipients of personal data
GDPR-30-07 Documentation

Controller record must document international transfers
GDPR-30-08 Documentation

Controller record must include data retention time limits
GDPR-30-09 Documentation

Controller record must describe technical and organisational security measures
GDPR-30-10 Documentation

Processor must maintain record of processing activities

Map this obligation to your AI systems

ReguLume automatically maps regulatory obligations to your system inventory, identifies compliance gaps, and generates remediation plans.

Get Started

Start your compliance assessment

Map obligations to your AI systems, identify gaps, and generate board-ready reports. Plans start at $149/mo.

Get Started