Who is obliged to maintain
Information to be provided to data subjects (Articles 13, 14, 15 of GDPR) must be maintained by all companies, without exception, independent of the number of employees or type of processing.
Records of processing activities (Article 30 of GDPR) must be maintained only by companies employing more than 250 persons unless
- the processing it carries out is likely to result in a risk to the rights and freedoms of data subjects,
- the processing is not occasional,
- or the processing includes special categories of data or personal data relating to criminal convictions and offences referred
- (in which case Records of processing activities must be maintained even in companies with less than 250 employees).
When will they be used
Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with the information from Article 13 of GDPR.
Where personal data have not been obtained from the data subject, the controller shall as soon as possible provide the data subject with the information from Article 14 of GDPR.
The data subject shall have at any time the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data information from Article 15 of GDPR
Product
The filing systems records in accordance with Articles 13, 14, 15 and 30 of GDPR with the following required structure:
- 1) type of data and name of data filing system,
- 2) type of processing action,
- 3) name or company name of controller and his address or seat,
- 4) date of commencement of data processing or of data filing system establishment,
- 5) purpose of personal data processing,
- 6) legal grounds for processing or establishment of data filing system,
- 7) categories of data subjects,
- 8) types and levels of data confidentiality,
- 9) manner of collecting and preserving of personal data,
- 10) period of time for which the data will be kept or used,
- 11) name or company name of filing system recipient and his address or seat,
- 12) code of entry, that is transfer of personal data from the filing system across the borders
- together with the name of the state or international organisation and the name of the international recipient, legal grounds and purpose of such entry or transfer,
- 13) undertaken data protection measures,
- 14) requests concerning the data processing.
Filing systems records of data controllers typically include at least the following:
- Employees entitled to disability insurance filing system record
- Visitors to business premises of data controller filing system record
- Employees filing system record
- Accidents occurred at work filing system record
- Monthly payments, expenses and other payouts to employees filing system record
- Video surveillance filing system record
- Persons deployed to work by the employment agencies filing system record
- Family members and dependents of employees filing system record
- Education and trainings of employees filing system record
- Obligatory medical examination of employees filing system record
- Occupational health and safety training filing system record
- Job-seekers filing system record
- Worked hours, sick leaves and holiday allowances of employees filing system record
- Employees’ rights to enter business premises of data controller filing system record
- Monitoring of (monthly) uses of telephone, cell phone, car or other assets filing system record
- Claims against employees and transactions made regarding this claims filing system record
- Disciplinary proceedings filing system record
- Copyright and other contracts with physical persons filing system record
- Invoices of products and services charged to individuals/employees filing system record
- Business partners and potential business partners (physical persons) of data controller filing system record
- Students working for data controller filing system record
- Student professional practice filing system record
- Implementation of measures undertaken for the protection of premises
- Received and sent mail filing system record
- and others