What mandatory information must be included in a record of processing activities?

For each processing activity: Controller, purposes, categories of data subjects, categories of personal data, categories of recipients, third-country transfers including appropriate safeguards if relevant, deletion periods or criteria for their determination, as well as a description of technical and organizational measures.

Additionally, it is practical to include: system reference, process boundaries, roles, data sources, interfaces, responsible owners, and review date.

Support: /mein-shop/p/datenschutzrechtliche-verarbeitung