Register of processing activities
FORMAL ANSWER
The controller’s register of processing activities is a document containing: the name and contact details of the controller and any joint controllers, and where applicable the controller’s representative and the data protection officer; the purposes of processing; a description of the categories of data subjects and personal data; categories of recipients to whom personal data have been or will be disclosed, including recipients in third countries or international organisations; where applicable, transfers of personal data to a third country or international organisation, including the name of that country or organisation, and in the case of transfers referred to in Article 49(1), second paragraph GDPR, documentation of suitable safeguards; where possible, the envisaged time limits for erasure of the different categories of data; where possible, a general description of the technical and organisational security measures referred to in Article 32(1) GDPR.
The processor’s register of processing activities is a document containing: the name and contact details of the processor or processors and of each controller on whose behalf the processor acts, and where applicable the controller’s or processor’s representative and the data protection officer; the categories of processing carried out on behalf of each controller; where applicable, transfers of personal data to a third country or international organisation, including the name of that country or organisation, and in the case of transfers referred to in Article 49(1), second paragraph GDPR, documentation of suitable safeguards; where possible, a general description of the technical and organisational security measures referred to in Article 32(1) GDPR.
PRACTICAL ANSWER
The register of processing activities is a document in which information is kept up to date about, among other things, the purposes for which personal data are processed, whose data they concern, their scope, to whom they are disclosed, and how long they will be stored. The register also includes general information on how data are secured and whether they are transferred outside the European Union. Two types of register are distinguished — for the controller (containing broad information on processed data) and for the processor (where you must indicate above all on whose behalf personal data are processed, as well as the scope of data and the type of operations performed on them).
MORE:
- You can find more information in the article: Register of processing activities — the centre of GDPR compliance maintenance


