Faq – Records of processing activities



Records of processing activities

Who should maintain the Records of processing activities: the controller, the processor or the DPO?

The GDPR is very clear on this point: each controller shall maintain a Record of processing activities carried out under its responsibility. Besides, each processor shall maintain a Record of all the categories of processing activities carried out on behalf of a controller. However, nothing prevents the controller or the processor from assigning the DPO with the task of maintaining the Records of processing activities. The controller and the processor can surely seek advice of the DPO when accomplishing the obligation.

What format should the Records of processing activities have? Is there a standard model?

The Records of processing activities shall be kept in writing, in any format, including electronic format. The supervisory authorities can make available standard models, especially to facilitate this obligation to micro, small and medium-sized companies, organisations or entities, but they are not compulsory.

Should the Record of processing activities be published or sent to the supervisory authority?

It shall be kept by the controller and the processor and does not have to be published. It shall be made available to the supervisory authority on request.



To learn more, click here or contact me.

Leave a Reply

Your email address will not be published.


Privacy Policy - Cookie Policy - Website terms & conditions - Website map

Tiziana Minella - Via Vittoria Colonna, 32 - 10155 Torino (TO - Italy) - VAT IT03152590018 - mob. +39 366.4761338 - + 39 338.6626635