Record of processing

Learn what a record of data processing activities is.
The record of data processing activities provides a clear and structured mapping of all personal data processing operations and will be the starting point for control by the Data Protection Authority.
For each processing, the record must indicate:


  • The identity and contact information of the DPO and the data controllers
  • The identity and contact information of the joint controllers, if any

Purpose of processing

  • The main purpose
  • The secondary purpose (s);
  • Compliance with a legal obligation
  • Execution of a contract
  • Legitimate business interest
  • Client's consent
  • Safeguarding the vital interests of the data subject or of another person

Data categories & retention

  • Type of people concerned
  • Data categories
  • Data retention period in active base, intermediate archivage and deletion
  • Storage location

Data transfers and corresponding guarantees

  • Identification of recipients (subsidiary; subcontractor; business partner; authorities, etc.)
  • Binding corporate rules in the event of transfers outside the EU with subsidiaries, contractual agreement clauses with subcontractors in unsuitable countries ...

Organisational and technical measures

  • Technical security measures and organizational arrangements put in place for each processing
  • Indication of access rights