Article 18
Documentation keeping
Documentation Keeping for AI Systems
While 'record-keeping-ai' exists, a more specific topic focused on documentation keeping as a distinct concept would better capture the AI Act's specific requirements around maintaining, organizing, and preserving documentation throughout an AI system's lifecycle, including technical, compliance, and operational documentation.
documentation keeping documentation retention record keeping AI documentation compliance documentation documentation requirements document retention documentation obligations
Laws (1)
Guidance (1)
Enforcement (2)
Covid-19 test center: Insufficient legal basis for data processing
€1,400 fine - Data Protection Authority of Hamburg
The DPA from Hamburg has imposed a fine of EUR 1,400 on a Covid-19 test center. The controller intended to fulfill its statutory documentation obligations and scanned the front and back of ID cards of tested persons for this purpose. However, such extensive storage of personal data would not have been necessary to fulfill its documentation obligations. This could and should have been known to the controller.
Twitter International Company: Insufficient fulfilment of data breach notification obligations
€450,000 fine - Data Protection Authority of Ireland
The Irish DPA (DPC) fined Twitter International Company EUR 450,000 for violating Art. 33 (1) GDPR and Art. 33 (5) GDPR for failing to notify the DPA in a timely manner of a data breach and not adequately documenting that breach. The data breach concerned the privacy settings of user posts on the social media platform Twitter. There, users have the option to set the visibility of their posts to private or public. Private posts can only be seen by subscribers of the respective user profile, while