"Data processor" record

Learn how to use Dastra's "Data processor" record.

Introduction

Article 30 of the GDPR sets out specific obligations for the personal data controller record and the data processor record. If your organization acts as both a processor and a controller, your record must therefore clearly distinguish between the two categories of activities.

In practice, in this case, the CNIL recommends that you keep 2 records:

  1. one for the processing of personal data for which you yourself are responsible,

  2. another for the processing operations that you carry out, as a data processor, on behalf of your clients.

The rest of this page deals only with the "Data processor" record.

The "Data processor" record

Each data processor is required to fill out a less extensive record.

This record contains :

  • the contact details of the data processor, its representative, if applicable, and its DPO

  • the contact details of all data controllers on whose behalf the data processor acts (usually the clients)

  • the categories of data processed

  • the recipients

  • the transfers outside the EEA

  • the security measures


You can change the type of processing activity (from one created as a data controller to one created as a processor, and vice versa) The procedure is available here

For more information

Dernière mise à jour