Record of processing
Learn what a record of data processing activities is.
The record of data processing activities provides a clear and structured mapping of all personal data processing operations and will be the starting point for control by the Data Protection Authority.
For each processing, the record must indicate:
- The identity and contact information of the DPO and the data controllers
- The identity and contact information of the joint controllers, if any
- The main purpose
- The secondary purpose (s);
- Compliance with a legal obligation
- Execution of a contract
- Legitimate business interest
- Client's consent
- Safeguarding the vital interests of the data subject or of another person
- Type of people concerned
- Data categories
- Data retention period in active base, intermediate archivage and deletion
- Storage location
- Identification of recipients (subsidiary; subcontractor; business partner; authorities, etc.)
- Binding corporate rules in the event of transfers outside the EU with subsidiaries, contractual agreement clauses with subcontractors in unsuitable countries ...
- Technical security measures and organizational arrangements put in place for each processing
- Indication of access rights