The Article 30 report provides a structured record of processing activities required under Article 30 of the GDPR. You generate it from the Business Processes page in the Data Mapping & Risk Manager (DMRM), with options to customize which data appears, include visual data flow elements, and save your settings as defaults for future downloads.
This article explains how to generate and customize an Article 30 report.
📋 Note: When the selected business process record uses a Type 3 template with two Owning Organizations and data recipients listed in one of the two locations, the following fields are populated automatically:
| Field | Data Pulled |
|---|---|
| Countries data are transferred to | Names of the countries where the data recipients and systems are located |
| Organizations data are transferred to | Name of the recipient company entity, or name of the owner of the third-party system |
To generate an Article 30 report, follow these steps:
In the left navigation panel, hover over the Data Mapping & Risk Manager icon, and then select Business Processes.
Select one or more business process records.
In the top-right corner of the page, click the Download button (1), and then select Article 30 Report (2).
In the Report Customization modal, configure the following options as needed, and then click Download.
•Report scope (3) — If only one record is selected, choose what information appears in the report:
After clicking Customize Data in the Report Customization modal, the following options are available:
📋 Note: If the Select this entity as the Reporting Organization for the Article 30 Report (1) setting is enabled during business process record creation, and the Include in A30 Report toggle is set to Yes (2), the names of the Data Protection Officers and EU Representatives of the owning organizations are listed on the Article 30 report.
The screenshot below shows an example of an Article 30 report page displaying the name of an added EU Representative: