In its fourth omnibus package, the European Commission proposes that the new category of "small mid-cap companies" should be exempt from the obligation to maintain a record of processing activities under Article 30(5) of the GDPR, provided their data processing does not pose a high risk. However, this proposal overlooks the fact that maintaining such records helps companies gain a clear understanding of their own data processing activities and to make the right decisions in terms of data protection law. Both of these things are an essential step to ensure, among other things, the sensible and secure use of AI applications. By introducing this exemption, the proposal risks undermining the rights of data subjects and complicating the enforcement of data protection law.