Data controllers
[ch 1: page 10]A data controller must keep a record of all the processing activities for which it is responsible, and this must contain all of the following information:
• the name and contact details of the controller, and the data protection officer if there is one;
• the purposes of the processing;
• a description of the categories of data subjects and of the categories of personal data;
• the categories of all recipients of the personal data;
• transfers of personal data to a third country or an international organisation, where applicable;
• where possible, the envisaged time limits for erasure of the different categories of data;
• where possible, a general description of their technical and organisational security measures.