GDPR Processing Activities Register Template
Maintaining written (including electronic) records of processing activities is a GDPR requirement under Article 30, applying to controllers & processors with 250+ employees (and in limited cases , to those with fewer than 250 persons).
Recital 82 advises that “each controller and processor should be obliged to cooperate with the supervisory authority and make those records, on request, available to it, so that it might serve for monitoring those processing operations.”
Each controller must record: –
● Name & contact details of the controller (if applicable, joint controller or controller’s representative)
● Name & contact details of the data protection officer
● The purposes of the processing
● Description of the categories of data subjects
● Description of the categories of personal data
● Categories of recipients to whom the personal data has/will be disclosed (including third countries or international organisations)
● If applicable, transfers of personal data to a third country/international organisation (including their identity and, in the case of transfers referred to in the second subparagraph of Article 49(1), the documentation of suitable safeguards)
● If possible, the envisaged time limits for erasure of the different categories of data
● If possible, a general description of the technical and organisational security measures referred to in Article 32(1)
Processors must maintain records containing: –
● Name & contact details of the processor(s) & the controller on behalf of which they are acting
● If applicable, name & contact details of the processor’s representative, and the data protection officer
● Categories of processing carried out on behalf of each controller
● If applicable, transfers of personal data to a third country/international organisation (including identity & if applicable, the documentation of suitable safeguards)
● If possible, a general description of the technical and organisational security measures referred to in Article 32(1)
If you are developing your own registers for the mandatory GDPR records, there are many formats suitable, as well as database options. We have used Excel for our recently launched Information Flow template and Processing Activities Register, which are free inclusions in our GDPR Document Set and GDPR Policies.
If you are developing your own registers for the mandatory GDPR records, there are many formats suitable, as well as database options. We have used Excel for our recently launched Information Flow template and Processing Activities Register, which are free inclusions in our GDPR Document Set and GDPR Policies.