This template is designed to make it easier for small and medium-sized enterprises (controllers) to create their own records of processing activities. Each of the 8 sections that make up this form for creating records of categories of processing activities must be adapted to the categories of data processing activities in your organization/company. Keep in mind that it is not a document that is the same for all small and medium-sized enterprises, or organizations/companies, even for those from the same industry, and that the record of processing activities must reflect the data processing that your organization carries out on behalf of the controller.
Each processor and representative of the processor, if applicable, keeps records of all categories of processing activities performed for the controller. In the event that the processing carried out by the processor is likely to cause a high risk to the rights and freedoms of the data subject, if the processing is not occasional or the processing includes special categories of data, the processor is obliged to keep records of categories of processing activities. The Agency's recommendation to all processors is to keep records of all categories of processing they process for each controller on whose behalf they process personal data. In this way, you will have an overview of all personal data processing activities that you process on behalf of the data controller, and this record is one of the tools used to prove compliance with the GDPR.
