Record of Processing Activities


Generate a record of all your data processing activities with one-click. Easy to keep up to date, so you always have the control over your companies data processes. Let us show you how:

Keep the control over all your processing activities

Pridatect assists you with the registration of your data processes

Assisted process

Report based on your previously identified treatment activities according to art. 30 GDPR

Easy to update

Modify any information and generate a new report in one click

Proactive responsibility

Complies with the GDPR principle of proactive responsibility

Learn all the details about the best practices of a DPO in our free ebook.

What is a register of processing activities?

Comply with GDPR and control all the data processed in your company

To keep a register of processing activities is a new corporate responsibility, set out in Article 30 of GDPR, which implies a clear and complete overview of all processing activities taking place within an organisation, and their consequent documentation. This process will require proactive collaboration by organisations.

Data controllers shall be responsible for keeping up-to-date records of all processing activities taking place within the organisation.

What information should the register of processing activities contain?

The records shall contain the following information:

  • The name and contact details of the controller and, where appropriate, of the processor;
  • The purposes of the processing;
  • A description of the categories of data subjects and of the categories of personal data;
  • The categories of recipient to whom the personal data have been or will be sent, including recipients in third countries or international organisations;
  • Transfers of personal data to a third country or international organisation, including documentation of appropriate safeguards;
    time limits for the deletion of different categories of data;
  • Time limits for the deletion of different categories of data;
  • An overview of the technical and organisational measures implemented.

How can Pridatect help you?



According to GDPR, it is not compulsory when the company has less than 250 workers.

However, there are some exceptions. If an enterprise has fewer than 250 employees, it is always mandatory, no matter how many employees, to keep a record of processing activities, if the data processed:

  • Is likely to present a risk to the rights and freedoms of the data subjects
  • Is related to convictions and criminal offences
  • On a non-occasional basis, includes special categories of personal data (indicated in article 9 of GDPR)
  • Racial or ethnic origin
  • Political opinion
  • Religious or philosophical beliefs
  • Union membership
  • Processing of genetic data
  • Biometric data aimed at uniquely identifying a natural person
  • Data concerning health or data concerning the sexual life or sexual orientations of a natural person

The record of processing activities must always be in electronic format. However, it is also valid in written format & must always be up to date.

The record will provide an overview of all data processing activities within the organisation and therefore allow organisations to control what type of data categories are being processed, by whom (which departments or business units) and for what underlying purposes. This knowledge will allow organisations to make internal connections, join efforts or projects with the same or equivalent objectives and/or challenges and result in greater control over data processing activities. This will provide insight into risks and necessary mitigation actions, and will inevitably empower organisations to do more – and in a well-ordered way – with the personal data available.


Find out how Pridatect can help you take control of your business’ data

Do you have any questions? Get in touch with our sales team.

☏ +44 7427 505253 | Monday to Friday from 8:00 to 17:00 GMT