# "Data processor" record ## Introduction Article 30 of the GDPR sets out specific obligations for the personal *data controller record* and the *data* *processor record*. If your organization acts as both a processor and a controller, your record must therefore clearly distinguish between the two categories of activities. **In practice, in this case, the CNIL recommends that you keep 2 records:** 1. one for the processing of personal data for which you yourself are responsible, 2. another for the processing operations that you carry out, as a data processor, on behalf of your clients. The rest of this page deals only with the "Data processor" record. ## The "Data processor" record Each data processor is required to fill out a less extensive record. This record contains : * the **contact details of the data processor**, its representative, if applicable, and its DPO * the **contact details of all data controllers on whose behalf the data processor acts** (usually the clients) * the **categories of data** processed * the **recipients** * the **transfers** outside the EEA * the **security measures**

The different sections of a "data processor" processing activity in Dastra

*** {% hint style="info" %} You can change the type of processing activity (from one created as a data controller to one created as a processor, and vice versa)\ [The procedure is available here](https://doc.dastra.eu/en/features/editer-le-registre/frequently-asked-questions#how-can-i-change-my-type-of-processing-activity-from-one-created-as-a-data-controller-to-one-created) {% endhint %} ## For more information {% content-ref url="data-controller-record" %} [data-controller-record](https://doc.dastra.eu/en/features/editer-le-registre/data-controller-record) {% endcontent-ref %}