TwitterDeutsche Version

FDPA Part 3 - Chapter 4 - § 70

Records of processing activities

  1. The controller shall keep a record of all categories of processing activities under its responsibility. This record shall contain all of the following information:
    1. the name and contact details of the controller and, where applicable, of the joint controller; and the name and contact details of the data protection officer;
    2. the purposes of the processing;
    3. the categories of recipients to whom the personal data have been or are to be disclosed;
    4. a description of the categories of data subjects and of the categories of personal data;
    5. where applicable, the use of profiling;
    6. where applicable, the categories of transfers of personal data to bodies in a third country or to an international organization;
    7. information about the legal basis for the processing;
    8. the envisaged time limits for the erasure or for a review of the need to store the various categories of personal data; and
    9. a general description of the technical and organizational security measures referred to in Section 64.
  2. The processor shall maintain a record of all categories of processing activities carried out on behalf of a controller, containing
    1. the name and contact details of the processor, of each controller on behalf of which the processor is acting and, where applicable, the data protection officer;
    2. where applicable, transfers of personal data to bodies in a third country or to an international organization, including the identification of that third country or international organization; and
    3. a general description of the technical and organizational security measures according to Section 64.
  3. The records referred to in subsections 1 and 2 shall be in writing or in electronic form.
  4. Controllers and processors shall make these records available to the Federal Commissioner on request.