
EU Regulation: the Privacy Guarantor's instructions on the Register of processing activities

The Guarantor for the protection of personal data has made available on its website the instructions on the Register of processing activities, provided for by Regulation (EU) no. 679/2016 (hereinafter “GDPR”).
The Register, which must be prepared by the data controller and the data processor, is a document containing the main information (specifically identified by art. 30 of the Regulation) relating to the processing operations carried out by a company, an association, a commercial establishment or a freelancer. The obligation to draw up the Register is one of the main elements of the data controller's accountability, since the Register is a suitable tool for providing an up-to-date overview of the processing in progress within the organization; that overview is essential for risk assessment or analysis and is therefore a preliminary step to that activity. The Register must be in written form, including electronic form, and must be produced to the Guarantor upon request. As specified in the Guarantor's FAQs, the Register must be drawn up by companies or organizations with at least 250 employees and, below 250 employees, by any controller or processor who carries out processing that may present risks, even if not high, to the rights and freedoms of individuals, who carries out non-occasional processing of data, or who processes particular categories of data (such as biometric data, genetic data, data on health, religious beliefs, ethnic origin, etc.) or data relating to criminal convictions and offences. The FAQs indicate, among other things, what information the Register must contain and how it is to be retained and updated.

https://www.garanteprivacy.it/home/faq/registro-delle-attivita-di-trattamento
