Dossier for "Records of processing activities" (Demo)

The sheer number of legal provisions makes it difficult to keep track. This is why we added the "Dossier" function for key terms, which displays the most important sources for various terminology. It ensures you can gain a quick and knowledgeable overview of the entire legal situation.

This free "demo" version of the dossier only provides an excerpt featuring the first two articles and recitals. If you purchase the PrivazyPlan®, every aspect will be covered.

Dossiers are currently available for the following terms:

Advertising, Anonymisation, Automated Decision In Individual Cases, Compensation, Complaint, Compliance, Consent, Copy (for Data Subject), Correction, Cross-Border Processing, Data Minimisation, Data Portability, data protection by design, Data Protection Guarantee, Data Protection Impact Assessment, Data Protection Officer, Deletion, Disclosure, Encryption, Establishment, Extensive Processing, Files, Fine, Group Of Undertakings, Identification, Legitimate Interests (Controller), Legitimate Interests (Data Subject), Limitation Of Processing, Objection, Obligation, Opening Clause, Permission, Personal Data Breach, Privileged Purposes, Processing On Behalf, Processing On Behalf (Controller), Processing On Behalf (Processor), Professional secrecy, Profiling, Prohibition, Proof, Pseudonymisation, Publication Of Personal Data, Purpose (Binding), Purpose (Change), Records of processing activities, Reporting to supervisory authority, Representatives, Revocation, Risk For Rights And Freedoms, Shared Responsibility, Strategie, Task in Public Interest, Technical And Organisational Measures, Transfer To Third Countries, Transmission, Transparency

The dossier for "Records of processing activities" has 5 matches:

Article 30 - Records of processing activities

1. Each controller and, where applicable, the controller's representative, shall maintain a record of processing activities under its responsibility. That record shall contain all of the following information:

(a) | the name and contact details of the controller and, where applicable, the joint controller, the controller's representative and the data protection officer;

(b) | the purposes of the processing;

(c) | a description of the categories of data subjects and of the categories of personal data;

(d) | the categories of recipients to whom the personal data have been or will be disclosed including recipients in third countries or international organisations;

(e) | where applicable, transfers of personal data to a third country or an international organisation, including the identification of that third country or international organisation and, in the case of transfers referred to in the second subparagraph of Article 49(1), the documentation of suitable safeguards;

(f) | where possible, the envisaged time limits for erasure of the different categories of data;

(g) | where possible, a general description of the technical and organisational security measures referred to in Article 32(1).

2. Each processor and, where applicable, the processor's representative shall maintain a record of all categories of processing activities carried out on behalf of a controller, containing:

(a) | the name and contact details of the processor or processors and of each controller on behalf of which the processor is acting, and, where applicable, of the controller's or the processor's representative, and the data protection officer;

(b) | the categories of processing carried out on behalf of each controller;

(c) | where applicable, transfers of personal data to a third country or an international organisation, including the identification of that third country or international organisation and, in the case of transfers referred to in the second subparagraph of Article 49(1), the documentation of suitable safeguards;

(d) | where possible, a general description of the technical and organisational security measures referred to in Article 32(1).

3. The records referred to in paragraphs 1 and 2 shall be in writing, including in electronic form.

4. The controller or the processor and, where applicable, the controller's or the processor's representative, shall make the record available to the supervisory authority on request.

5. The obligations referred to in paragraphs 1 and 2 shall not apply to an enterprise or an organisation employing fewer than 250 persons unless the processing it carries out is likely to result in a risk to the rights and freedoms of data subjects, the processing is not occasional, or the processing includes special categories of data as referred to in Article 9(1) or personal data relating to criminal convictions and offences referred to in Article 10.

Article 49 (6) - Derogations for specific situations

6. The controller or processor shall document the assessment as well as the suitable safeguards referred to in the second subparagraph of paragraph 1 of this Article in the records referred to in Article 30.


The match number 3 is available, if you buy the PrivazyPlan®.


The match number 4 is available, if you buy the PrivazyPlan®.


The match number 5 is available, if you buy the PrivazyPlan®.


Hinweis: Bitte beachten Sie, dass die Auswahl der Trefferstellen ganz subjektiv nach unserem fachlichen Ermessen erfolgte. Wir haben uns speziell auf jene Bestimmungen konzentriert, die die nicht-öffentlichen Stellen betreffen. Für Korrekturen und Anregungen sind wir dankbar.
nach obento top


Would you like to implement the EU General Data Protection Regulation step-by-step? Do you want clear explanations of specific issues and well-thought-out checklists? Do you want to ensure you are data-protection-compliant? If so the PrivazyPlan® is just what you are looking for.

© SecureDataService, Nicholas Vollmer, Priorstr. 63, D-41189 Mönchengladbach, Germany, +49 2166 96523-38, info@privazyplan.eu (siehe Impressum / Datenschutz) (16.12.2017)