{"id":18157,"date":"2022-09-15T10:08:10","date_gmt":"2022-09-15T09:08:10","guid":{"rendered":"https:\/\/www.rosello-mallol.com\/?p=18157"},"modified":"2022-09-15T10:08:13","modified_gmt":"2022-09-15T09:08:13","slug":"record-processing-activities","status":"publish","type":"post","link":"https:\/\/www.rosello-mallol.com\/en\/record-processing-activities\/","title":{"rendered":"Record of processing activities"},"content":{"rendered":"\n<p>One of the main novelties of the GDPR is the obligation for controllers and processors to create and keep an <strong>updated record of the processing activities<\/strong> and their data, as set out in <strong>Art. 30 of the GDPR<\/strong>:<\/p>\n\n\n\n<p>For data controllers, this obligation is found in the first paragraph: <em>&#8220;<span style=\"text-decoration: underline;\">Each data controller<\/span> and, where applicable, the controller\u2019s representative shall maintain a record of processing activities under its responsibility&#8221;.<\/em><\/p>\n\n\n\n<p>For processors, we must go to the second paragraph<em>: \u201c<span style=\"text-decoration: underline;\">Each processor<\/span> and, where applicable, the processor\u2019s representative shall maintain a record of all categories of processing activities carried out on behalf of a controller\u201d.<\/em><\/p>\n\n\n\n<p>The article continues by indicating the <strong>minimum contents of the record of processing activities<\/strong>, also indicating that it can be created and maintained in electronic or manual format.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">How to organise the record of processing activities?<\/h2>\n\n\n\n<p>The <strong><a href=\"https:\/\/www.aepd.es\/es\/derechos-y-deberes\/cumple-tus-deberes\/medidas-de-cumplimiento\/actividades-tratamiento\" target=\"_blank\" rel=\"noreferrer noopener\">website<\/a><\/strong> of the AEPD explains basic aspects of this obligation, indicating the minimum data that the record of processing activities must contain:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>the name and contact details of the controller and, where applicable, the joint controller, the controller\u2019s representative and the data protection officer.<\/li><li>the purposes of the processing.<\/li><li>a description of the categories of data subjects and the categories of personal data.<\/li><li>the categories of recipients to whom the personal data has been or will be disclosed, including recipients in third countries or international organisations;<\/li><li>where applicable, transfers of personal data to a third country, including the identification of that third country or international organisation and, in the case of the transfers referred to in the second subparagraph of Article 49(1), the documentation of suitable safeguards.<\/li><li>where possible, the envisaged time limits for erasure of the different categories of data.<\/li><li>where possible, a general description of the technical and organisational security measures.<\/li><\/ul>\n\n\n\n<p>Where the record is of the controller, the name of the controller on behalf of which the processor is acting must be added to the above.<\/p>\n\n\n\n<p>At a practical level, a good record of processing activities should be the basis for the remaining GDPR obligations, which include:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>An adequate privacy policy.<\/li><li>A good consent collection system, if necessary.<\/li><li>A correct data erasure system.<\/li><li>The risk analysis, and when appropriate, the impact assessment.<\/li><\/ul>\n\n\n\n<p>For this, the record of processing activities <strong>must clearly define the purpose of each process<\/strong>, avoiding generic records such as &#8220;clients&#8221;, &#8220;workers&#8221; or &#8220;suppliers&#8221;.&nbsp;<\/p>\n\n\n\n<p>A good record of processing activities clearly identifies which type of processing is carried out in each category or type of data and then, and only then, the record is complete; Some of the usual records of processing activities are:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Customer Management.<\/li><li>Billing and administration.<\/li><li>Customer Support.<\/li><li>After-sales service.<\/li><li>Payroll management.<\/li><li>Personnel selection.<\/li><li>Personnel training.<\/li><li>Labour control.<\/li><li>Video surveillance.<\/li><li>Etc.<\/li><\/ul>\n\n\n\n<p>As can be seen, despite the fact that the category of data subjects may be the same in these examples of records of processing activities (for example, labour control and personnel training that affect workers in both cases), aspects such as the following may differ in each case: lawful basis, data retention period, purpose, etc.<\/p>\n\n\n\n<p>This work is very often conducted by GDPR regulatory compliance programmes or tools, although the company or its advisor should, in any case, ensure that the criteria set by the company that owns the programme <strong>is adapted to the situation of the controller or the processor.<\/strong><\/p>\n\n\n\n<p>These tools are very useful but, as always, <strong>they must be adapted to the needs<\/strong> of the person who must comply with the GDPR and not the other way around. <strong>Having a good record of processing activities<\/strong> is the basis for proper compliance with the GDPR.<\/p>\n\n\n\n<p>If you need more information about this issue for your company, don&#8217;t hesitate to contact us!:<\/p>\n\n\n\n<div class=\"wp-block-contact-form-7-contact-form-selector\">\n<div class=\"wpcf7 no-js\" id=\"wpcf7-f13645-o1\" lang=\"en-US\" dir=\"ltr\" data-wpcf7-id=\"13645\">\n<div class=\"screen-reader-response\"><p role=\"status\" aria-live=\"polite\" aria-atomic=\"true\"><\/p> <ul><\/ul><\/div>\n<form action=\"\/en\/wp-json\/wp\/v2\/posts\/18157#wpcf7-f13645-o1\" method=\"post\" class=\"wpcf7-form init\" aria-label=\"Contact form\" novalidate=\"novalidate\" data-status=\"init\">\n<fieldset class=\"hidden-fields-container\"><input type=\"hidden\" name=\"_wpcf7\" value=\"13645\" \/><input type=\"hidden\" name=\"_wpcf7_version\" value=\"6.1.6\" \/><input type=\"hidden\" name=\"_wpcf7_locale\" value=\"en_US\" \/><input type=\"hidden\" name=\"_wpcf7_unit_tag\" value=\"wpcf7-f13645-o1\" \/><input type=\"hidden\" name=\"_wpcf7_container_post\" value=\"0\" \/><input type=\"hidden\" name=\"_wpcf7_posted_data_hash\" value=\"\" \/><input type=\"hidden\" name=\"_wpcf7_recaptcha_response\" value=\"\" \/>\n<\/fieldset>\n<p><label> Name (required) <span class=\"wpcf7-form-control-wrap\" data-name=\"your-name\"><input size=\"40\" maxlength=\"400\" class=\"wpcf7-form-control wpcf7-text wpcf7-validates-as-required uk-input\" aria-required=\"true\" aria-invalid=\"false\" value=\"\" type=\"text\" name=\"your-name\" \/><\/span> <\/label>\n<\/p>\n<p><label> Email (required) <span class=\"wpcf7-form-control-wrap\" data-name=\"your-email\"><input size=\"40\" maxlength=\"400\" class=\"wpcf7-form-control wpcf7-email wpcf7-validates-as-required wpcf7-text wpcf7-validates-as-email uk-input\" aria-required=\"true\" aria-invalid=\"false\" value=\"\" type=\"email\" name=\"your-email\" \/><\/span> <\/label>\n<\/p>\n<p><label> Contact phone (telephone contact) <span class=\"wpcf7-form-control-wrap\" data-name=\"telefon\"><input size=\"40\" maxlength=\"400\" class=\"wpcf7-form-control wpcf7-text uk-input\" aria-invalid=\"false\" value=\"\" type=\"text\" name=\"telefon\" \/><\/span> <\/label>\n<\/p>\n<p><label> Message <span class=\"wpcf7-form-control-wrap\" data-name=\"your-message\"><textarea cols=\"40\" rows=\"5\" maxlength=\"2000\" class=\"wpcf7-form-control wpcf7-textarea uk-textarea\" aria-invalid=\"false\" name=\"your-message\"><\/textarea><\/span> <\/label>\n<\/p>\n<p><span class=\"wpcf7-form-control-wrap\" data-name=\"aceptacion-RGPD\"><span class=\"wpcf7-form-control wpcf7-acceptance\"><span class=\"wpcf7-list-item\"><label><input type=\"checkbox\" name=\"aceptacion-RGPD\" value=\"1\" aria-invalid=\"false\" \/><span class=\"wpcf7-list-item-label\">I read and accept the <a href=\"https:\/\/www.rosello-mallol.com\/en\/policy-privacy\/\" target=\"_blank\">Privacy Policy<\/a><\/span><\/label><\/span><\/span><\/span><br \/>\n<label><br \/>\n<span class=\"wpcf7-form-control-wrap\" data-name=\"acceptance-360\"><span class=\"wpcf7-form-control wpcf7-acceptance optional\"><span class=\"wpcf7-list-item\"><label><input type=\"checkbox\" name=\"acceptance-360\" value=\"1\" aria-invalid=\"false\" \/><span class=\"wpcf7-list-item-label\">I agree to receive the newsletter.<\/span><\/label><\/span><\/span><\/span><br \/>\n<input class=\"wpcf7-form-control wpcf7-submit has-spinner uk-button uk-button-primary\" type=\"submit\" value=\"Send\" \/><\/label>\n<\/p><p style=\"display: none !important;\" class=\"akismet-fields-container\" data-prefix=\"_wpcf7_ak_\"><label>&#916;<textarea name=\"_wpcf7_ak_hp_textarea\" cols=\"45\" rows=\"8\" maxlength=\"100\"><\/textarea><\/label><input type=\"hidden\" id=\"ak_js_1\" name=\"_wpcf7_ak_js\" value=\"23\"\/><script>\ndocument.getElementById( \"ak_js_1\" ).setAttribute( \"value\", ( new Date() ).getTime() );\n<\/script>\n<\/p><div class=\"wpcf7-response-output\" aria-hidden=\"true\"><\/div>\n<\/form>\n<\/div>\n<\/div>\n\n\n\n<h6 class=\"wp-block-heading\">Information on data protection<\/h6>\n\n\n\n<p><small><strong>Company name<\/strong><br>LEGAL IT GLOBAL 2017, SLP<br><\/small><small><strong>Purpose<br><\/strong><\/small><small>Providing the service.<br><\/small><small>Sending the newsletter.<br><\/small><small><strong>Legal basis<br><\/strong>Compliance with the service provision.<br>Consent.<br><\/small><small><strong>Recipients<\/strong><br>Your data will not be shared with any third party, except service providers with which we have signed a valid service agreement.<\/small><br><small><strong>Rights<\/strong><br>You may access, rectify or delete your data and exercise the rights indicated in our Privacy Policy.<\/small><br><small><strong>Further information<\/strong><br>See the&nbsp;<a href=\"https:\/\/www.rosello-mallol.com\/en\/policy-privacy\/\" target=\"_blank\" rel=\"noreferrer noopener\">Privacy Policy<\/a>.<\/small><\/p>\n","protected":false},"excerpt":{"rendered":"<p>One of the main novelties of the GDPR is the obligation for controllers and processors to create and keep an updated record of the processing activities and their data, as set out in Art. 30 of the GDPR: For data controllers, this obligation is found in the first paragraph: &#8220;Each data controller and, where applicable, [&hellip;]<\/p>\n","protected":false},"author":12,"featured_media":18150,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","_joinchat":[],"footnotes":""},"categories":[246],"tags":[1160,496,425,549,449,439,395,396,1161,1162,1163,394,575],"class_list":["post-18157","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-activities","tag-aepd-2","tag-companies","tag-data","tag-data-protection","tag-european-union","tag-gdpr-2","tag-gdpr-compliant","tag-processing-activities","tag-record","tag-record-of-processing-activities","tag-rgpd-es-en","tag-startups-2"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v25.3 (Yoast SEO v27.7) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Record of processing activities | Rosell\u00f3 Mallol Law Firm<\/title>\n<meta name=\"description\" content=\"The record of processing activities is an obligation of the GDPR. Here you will find out what it is and what parts it should contain.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.rosello-mallol.com\/en\/record-processing-activities\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Record of processing activities\" \/>\n<meta property=\"og:description\" content=\"One of the main novelties of the GDPR is the obligation for controllers and processors to create and keep an updated record of the processing activities\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.rosello-mallol.com\/en\/record-processing-activities\/\" \/>\n<meta property=\"og:site_name\" content=\"Rosell\u00f3 Mallol\" \/>\n<meta property=\"article:published_time\" content=\"2022-09-15T09:08:10+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-09-15T09:08:13+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/business-g19bf5bcc4_1280.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"960\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Marketing\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@vic_rosello\" \/>\n<meta name=\"twitter:site\" content=\"@vic_rosello\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Marketing\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Record of processing activities | Rosell\u00f3 Mallol Law Firm","description":"The record of processing activities is an obligation of the GDPR. Here you will find out what it is and what parts it should contain.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.rosello-mallol.com\/en\/record-processing-activities\/","og_locale":"en_US","og_type":"article","og_title":"Record of processing activities","og_description":"One of the main novelties of the GDPR is the obligation for controllers and processors to create and keep an updated record of the processing activities","og_url":"https:\/\/www.rosello-mallol.com\/en\/record-processing-activities\/","og_site_name":"Rosell\u00f3 Mallol","article_published_time":"2022-09-15T09:08:10+00:00","article_modified_time":"2022-09-15T09:08:13+00:00","og_image":[{"width":1280,"height":960,"url":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/business-g19bf5bcc4_1280.jpg","type":"image\/jpeg"}],"author":"Marketing","twitter_card":"summary_large_image","twitter_creator":"@vic_rosello","twitter_site":"@vic_rosello","twitter_misc":{"Written by":"Marketing","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.rosello-mallol.com\/en\/record-processing-activities\/#article","isPartOf":{"@id":"https:\/\/www.rosello-mallol.com\/en\/record-processing-activities\/"},"author":{"name":"Marketing","@id":"https:\/\/www.rosello-mallol.com\/en\/#\/schema\/person\/54fe3a9119386ad1ec22a0f09bc21147"},"headline":"Record of processing activities","datePublished":"2022-09-15T09:08:10+00:00","dateModified":"2022-09-15T09:08:13+00:00","mainEntityOfPage":{"@id":"https:\/\/www.rosello-mallol.com\/en\/record-processing-activities\/"},"wordCount":697,"publisher":{"@id":"https:\/\/www.rosello-mallol.com\/en\/#organization"},"image":{"@id":"https:\/\/www.rosello-mallol.com\/en\/record-processing-activities\/#primaryimage"},"thumbnailUrl":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/business-g19bf5bcc4_1280.jpg","keywords":["activities","AEPD","companies","data","Data Protection","European Union","gdpr","gdpr compliant","Processing activities","Record","Record of processing activities","RGPD","startups"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.rosello-mallol.com\/en\/record-processing-activities\/","url":"https:\/\/www.rosello-mallol.com\/en\/record-processing-activities\/","name":"Record of processing activities | Rosell\u00f3 Mallol Law Firm","isPartOf":{"@id":"https:\/\/www.rosello-mallol.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.rosello-mallol.com\/en\/record-processing-activities\/#primaryimage"},"image":{"@id":"https:\/\/www.rosello-mallol.com\/en\/record-processing-activities\/#primaryimage"},"thumbnailUrl":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/business-g19bf5bcc4_1280.jpg","datePublished":"2022-09-15T09:08:10+00:00","dateModified":"2022-09-15T09:08:13+00:00","description":"The record of processing activities is an obligation of the GDPR. Here you will find out what it is and what parts it should contain.","breadcrumb":{"@id":"https:\/\/www.rosello-mallol.com\/en\/record-processing-activities\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.rosello-mallol.com\/en\/record-processing-activities\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.rosello-mallol.com\/en\/record-processing-activities\/#primaryimage","url":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/business-g19bf5bcc4_1280.jpg","contentUrl":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/business-g19bf5bcc4_1280.jpg","width":1280,"height":960,"caption":"Record of processing activities"},{"@type":"BreadcrumbList","@id":"https:\/\/www.rosello-mallol.com\/en\/record-processing-activities\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Inici","item":"https:\/\/www.rosello-mallol.com\/en\/"},{"@type":"ListItem","position":2,"name":"Record of processing activities"}]},{"@type":"WebSite","@id":"https:\/\/www.rosello-mallol.com\/en\/#website","url":"https:\/\/www.rosello-mallol.com\/en\/","name":"Rosell\u00f3 Mallol","description":"Despatx advocats experts en TIC i Protecci\u00f3 de dades","publisher":{"@id":"https:\/\/www.rosello-mallol.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.rosello-mallol.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.rosello-mallol.com\/en\/#organization","name":"Rosell\u00f3 Mallol - Advocats especialistes en dret digital","url":"https:\/\/www.rosello-mallol.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.rosello-mallol.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/logo-definitiu-web.png","contentUrl":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/logo-definitiu-web.png","width":4000,"height":736,"caption":"Rosell\u00f3 Mallol - Advocats especialistes en dret digital"},"image":{"@id":"https:\/\/www.rosello-mallol.com\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/vic_rosello","https:\/\/www.instagram.com\/rosellomallol\/","https:\/\/www.linkedin.com\/in\/victorrosello\/","https:\/\/www.youtube.com\/channel\/UCxcqAdksWzsEaZ5UYoFJd0Q\/featured"]},{"@type":"Person","@id":"https:\/\/www.rosello-mallol.com\/en\/#\/schema\/person\/54fe3a9119386ad1ec22a0f09bc21147","name":"Marketing","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/337d1590ee4f05238bd6449f6d1442bd1df14a6fdeceb5aaa29f47c8a4598d96?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/337d1590ee4f05238bd6449f6d1442bd1df14a6fdeceb5aaa29f47c8a4598d96?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/337d1590ee4f05238bd6449f6d1442bd1df14a6fdeceb5aaa29f47c8a4598d96?s=96&d=mm&r=g","caption":"Marketing"},"url":"https:\/\/www.rosello-mallol.com\/en\/author\/marketing\/"}]}},"jetpack_featured_media_url":"https:\/\/www.rosello-mallol.com\/wp-content\/uploads\/business-g19bf5bcc4_1280.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/posts\/18157","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/comments?post=18157"}],"version-history":[{"count":0,"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/posts\/18157\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/media\/18150"}],"wp:attachment":[{"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/media?parent=18157"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/categories?post=18157"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rosello-mallol.com\/en\/wp-json\/wp\/v2\/tags?post=18157"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}