The accountability principle requires you to demonstrate that your organisation processes personal data in line with the GDPR. To help you do this, you can implement several technical and organisational measures. One such measure is contained in Article 30, which says that an organisation shall:
“…maintain a record of processing activities under its responsibility.”
There are several specified areas where records must be maintained, such as the purposes of processing personal data, data sharing and retention. This is what we mean by documentation.
