§ 70 Records of processing activities

  1. The controller shall keep a record of all categories of processing activities under its responsibility. This record shall contain all of the following information:
    1. the name and contact details of the controller and, where applicable, of the joint controller; and the name and contact details of the data protection officer;
    2. the purposes of the processing;
    3. the categories of recipients to whom the personal data have been or are to be disclosed;
    4. a description of the categories of data subjects and of the categories of personal data;
    5. where applicable, the use of profiling;
    6. where applicable, the categories of transfers of personal data to bodies in a third country or to an international organization;
    7. information about the legal basis for the processing;
    8. the envisaged time limits for the erasure or for a review of the need to store the various categories of personal data; and
    9. a general description of the technical and organizational security measures referred to in Section 64.
  2. The processor shall maintain a record of all categories of processing activities carried out on behalf of a controller, containing
    1. the name and contact details of the processor, of each controller on behalf of which the processor is acting and, where applicable, the data protection officer;
    2. where applicable, transfers of personal data to bodies in a third country or to an international organization, including the identification of that third country or international organization; and
    3. a general description of the technical and organizational security measures according to Section 64.
  3. The records referred to in subsections 1 and 2 shall be in writing or in electronic form.
  4. Controllers and processors shall make these records available to the Federal Commissioner on request.

Content of the FDPA (new)

Part 1 – Common provisions (§§ 1 - 21)

Part 2 – Implementing provisions for processing for purposes in accordance with Article 2 of Regulation (EU) 2016/679 (§§ 22-44)

Chapter 1 – Legal basis for processing personal data
Sub-chapter 1 – Processing of special categories of personal data and processing for other purposes

Sub-chapter 2 – Special processing situations

Chapter 2 – Rights of the data subject

Chapter 3 – Obligations of controllers and processors

Chapter 4 – Supervisory authorities for data processing by private bodies

Chapter 5 – Penalties

Chapter 6 – Legal remedies

Part 3 – Implementing provisions for processing for purposes in accordance with Article 1 (1) of Directive (EU) 2016/680 (§§ 45-84)

Chapter 1 – Scope, definitions and general principles for processing personal data

Chapter 2 – Legal basis for processing personal data

Chapter 3 – Rights of the data subject

Chapter 4 – Obligations of controllers and processors

Chapter 6 – Cooperation among supervisory authorities

Chapter 7 – Liability and penalties

Part 4 – Special provisions for processing in the context of activities outside the scope of Regulation (EU) 2016/679 und Directive (EU) 2016/680 (§ 85)