Processing Register

The General Data Protection Regulation (GDPR) requires organisations to keep track of their personal data processing operations in a processing register. Almost all organisations are obliged to do so.

Is a processing register required?

The General Data Protection Regulation (GDPR) requires the maintenance of a processing register for any organization with more than 250 employees, but also for organizations with fewer than 250 employees within which:

  • Risky processing of personal data takes place;
  • Special categories of personal data are processed; and
  • Structural processing takes place.

In short, the obligation to keep a processing register applies to almost every organisation.

What should be stated in a processing register?

The processing register contains information about the personal data that is processed within an organisation. The processing register shall specify which personal data are used, for what purpose, where they are stored and with whom they may be shared. Article 30 of the GDPR sets out the specific requirements that must be included in the processing register of a 'controller', i.e. the requirements that the controller must meet are:

  • the name and contact details of the controller and any joint controllers and, where applicable, of the controller's representative and of the data protection officer;
  • the processing purposes;
  • a description of the categories of data subjects and categories of personal data;
  • the categories of recipients to whom the personal data have been or will be disclosed, including recipients in third countries or international organisations;
  • where applicable, transfers of personal data to a third country or an international organisation, including an indication of that third country or international organisation the documents relating to the appropriate safeguards;
  • where possible, the envisaged time limits for erasure of the different categories of data; and
  • if possible, a general description of the technical and organisational security measures.

 The 'processor' is also obliged to keep a register. This register looks the same as the register of the controller.

Legal Q can assist you in drawing up a processing register. For example, we can draw up a processing register in which you can make adjustments yourself from time to time, so that your register will always be up-to-date.

Contact us

For more information about this service or if you have any other questions within the framework of the GDPR, please feel free to contact us.



Specialist processing register

The maintenance of a processing register is an obligation for many organisations on the basis of the General Data Protection Regularion (GDPR). Our model makes it easy for you to comply with this obligation.
Innovation / Growth / Commitment

Lawyer processing register

Do you have questions about this subject? We can help you with this. Contact us without obligation!