GDPR — Article 30

What it requires

Controllers must maintain records including purposes of processing, categories of data subjects and personal data, recipients of personal data (including third parties), and retention periods. AI model providers receiving personal data are recipients under Art. 30.

How Svalin addresses it

Automatically generates Art. 30 records for AI tool processing activities — capturing data categories detected, AI provider recipients, timestamps, and retention metadata. Exportable as structured compliance reports for DPO review or regulatory submission.