Data controllers

A data controller must keep a record of all the processing activities for which it is responsible, and this must contain all of the following information:

• the name and contact details of the controller, and the data protection officer if there is one;

• the purposes of the processing;

• a description of the categories of data subjects and of the categories of personal data;

• the categories of all recipients of the personal data;

• transfers of personal data to a third country or an international organisation, where applicable;

• where possible, the envisaged time limits for erasure of the different categories of data;

• where possible, a general description of their technical and organisational security measures.