EDPB position paper on Article 30 derogations

Position Paper on the derogations from the obligation to maintain records of processing activities pursuant to Article 30(5) GDPR

The Working Party 29's position paper clarifies exemptions from the GDPR's Article 30(5) requirement for maintaining records of processing activities, noting exemptions for organizations with fewer than 250 employees do not apply if processing poses a risk to data subjects, is non-occasional, or involves special data categories. The document underscores the role of these records in enhancing accountability and risk assessment in line with GDPR principles. It also advocates for supervisory authorities to assist small and medium-sized enterprises (SMEs) with resources and tools to comply with these obligations.