/Docs/G/EU-GDPR-Law-CmA/Sec/Article/30.md
  Source views: Source JSON(ish) on GitHub (VSCode)   Doc views: Document (&k=r00t): Visual Print Technical: OpenParameters Xray
Ti = Article 30 - Records of {_processing} activities
1.0.sec = Each {_controller} and, where applicable, the {_controller}'s {_representative}, shall maintain a record of {_processing} activities under its responsibility. That record shall contain all of the following information:
1.1.sec = the name and contact details of the {_controller} and, where applicable, the joint {_controller}, the {_controller}'s {_representative} and the data protection officer;
1.2.sec = the purposes of the {_processing};
1.3.sec = a description of the categories of {_data_subjects} and of the categories of {_personal_data};
1.4.sec = the categories of {_recipients} to whom the {_personal_data} have been or will be disclosed including {_recipients} in third countries or {_international_organisations};
1.5.sec = where applicable, transfers of {_personal_data} to a third country or an {_international_organisation}, including the identification of that third country or {_international_organisation} and, in the case of transfers referred to in the second subparagraph of Article 49(1), the documentation of appropriate safeguards;
1.6.sec = where possible, the envisaged time limits for erasure of the different categories of data;
1.7.sec = where possible, a general description of the technical and organisational security measures referred to in Article 32(1).
1. = [G/Z/ol-a/s7]
2.0.sec = Each {_processor} and, where applicable, the {_processor}'s {_representative} shall maintain a record of all categories of {_processing} activities carried out on behalf of a {_controller}, containing:
2.1.sec = the name and contact details of the {_processor} or {_processors} and of each {_controller} on behalf of which the {_processor} is acting, and, where applicable, of the {_controller}'s or the {_processor}'s {_representative}, and the data protection officer;
2.2.sec = the categories of {_processing} carried out on behalf of each {_controller};
2.3.sec = where applicable, transfers of {_personal_data} to a third country or an {_international_organisation}, including the identification of that third country or {_international_organisation} and, in the case of transfers referred to in the second subparagraph of Article 49(1), the documentation of appropriate safeguards;
2.4.sec = where possible, a general description of the technical and organisational security measures referred to in Article 32(1).
2. = [G/Z/ol-a/s4]
3.sec = The records referred to in paragraphs 1 and 2 shall be in writing, including in electronic form.
4.sec = The {_controller} or the {_processor} and, where applicable, the {_controller}'s or the {_processor}'s {_representative}, shall make the record available to the {_supervisory_authority} on request.
5.sec = The obligations referred to in paragraphs 1 and 2 shall not apply to an {_enterprise} or an organisation employing fewer than 250 persons unless the {_processing} it carries out is likely to result in a risk to the rights and freedoms of {_data_subjects}, the {_processing} is not occasional, or the {_processing} includes special categories of data as referred to in Article 9(1) or {_personal_data} relating to criminal convictions and offences referred to in Article 10.
= [G/Z/ol/s5]