Ti | = | Article 30 - Records of {_processing} activities |
1.0.sec | = | Each {_controller} and, where applicable, the {_controller}'s {_representative}, shall maintain a record of {_processing} activities under its responsibility. That record shall contain all of the following information: |
1.1.sec | = | the name and contact details of the {_controller} and, where applicable, the joint {_controller}, the {_controller}'s {_representative} and the data protection officer; |
1.2.sec | = | the purposes of the {_processing}; |
1.3.sec | = | a description of the categories of {_data_subjects} and of the categories of {_personal_data}; |
1.4.sec | = | the categories of {_recipients} to whom the {_personal_data} have been or will be disclosed including {_recipients} in third countries or {_international_organisations}; |
1.5.sec | = | where applicable, transfers of {_personal_data} to a third country or an {_international_organisation}, including the identification of that third country or {_international_organisation} and, in the case of transfers referred to in the second subparagraph of Article 49(1), the documentation of appropriate safeguards; |
1.6.sec | = | where possible, the envisaged time limits for erasure of the different categories of data; |
1.7.sec | = | where possible, a general description of the technical and organisational security measures referred to in Article 32(1). |
1. | = | [G/Z/ol-a/s7] |
2.0.sec | = | Each {_processor} and, where applicable, the {_processor}'s {_representative} shall maintain a record of all categories of {_processing} activities carried out on behalf of a {_controller}, containing: |
2.1.sec | = | the name and contact details of the {_processor} or {_processors} and of each {_controller} on behalf of which the {_processor} is acting, and, where applicable, of the {_controller}'s or the {_processor}'s {_representative}, and the data protection officer; |
2.2.sec | = | the categories of {_processing} carried out on behalf of each {_controller}; |
2.3.sec | = | where applicable, transfers of {_personal_data} to a third country or an {_international_organisation}, including the identification of that third country or {_international_organisation} and, in the case of transfers referred to in the second subparagraph of Article 49(1), the documentation of appropriate safeguards; |
2.4.sec | = | where possible, a general description of the technical and organisational security measures referred to in Article 32(1). |
2. | = | [G/Z/ol-a/s4] |
3.sec | = | The records referred to in paragraphs 1 and 2 shall be in writing, including in electronic form. |
4.sec | = | The {_controller} or the {_processor} and, where applicable, the {_controller}'s or the {_processor}'s {_representative}, shall make the record available to the {_supervisory_authority} on request. |
5.sec | = | The obligations referred to in paragraphs 1 and 2 shall not apply to an {_enterprise} or an organisation employing fewer than 250 persons unless the {_processing} it carries out is likely to result in a risk to the rights and freedoms of {_data_subjects}, the {_processing} is not occasional, or the {_processing} includes special categories of data as referred to in Article 9(1) or {_personal_data} relating to criminal convictions and offences referred to in Article 10. |
= | [G/Z/ol/s5] | |