Hi everybody and thanks to anyone will answer to my question.
This is my first time developing an APP, my users will be keeping records of health related data, which are considered very private, and I am bit puzzled… I am not sure I really understood what is needed to build to cope with the Art. 30 of the GDPR, which says:
Records of processing activities
Each controller and, where applicable, the controller’s representative, shall maintain a record of processing activities under its responsibility.
That record shall contain all of the following information:
- the name and contact details of the controller and, where applicable, the joint controller, the controller’s representative and the data protection officer;
- the purposes of the processing;
- a description of the categories of data subjects and of the categories of personal data;
- the categories of recipients to whom the personal data have been or will be disclosed including recipients in third countries or international organizations;
- where applicable, transfers of personal data to a third country or an international organization, including the identification of that third country or international organization and, in the case of transfers referred to in the second subparagraph of Article 49(1), the documentation of suitable safeguards;
- where possible, the envisaged time limits for erasure of the different categories of data;
- where possible, a general description of the technical and organizational security measures referred to in Article 32(1).
Obviously we, as providers of a service which is in line with the GDPR, will have to help our customers to collect and retrieve those records worm and tidy.
How to build such a system?
The first idea I had was building a record of all activities all users do when they use the APP, and display it in a repeating group, giving some search filters. I wonder if we can retrieve data from the server logs for users in the APP, so I won’t need to build a specific thing to record
I’ll try to sum up the concepts in 3 questions:
- Am I right when I think that I have to build a record of processing activities in my APP (especially since my users will record very private data)?
- Is there a way to retrieve data from the server logs?
- How long should the users keep the record?