In continuation to our last post we now will deal with Records of Processing activities which are provided u/s. 61 of DPA. Section 61 provides that each controller must maintain a record of all categories of processing activities for which the controller is responsible.
Each processor must maintain a record of all categories of processing activities carried out on behalf of a controller. The record of controller must contain the following information-
- the name and contact details of the controller
- the name and contact details of joint controller (where applicable)
- the name and contact details of data protection officer (where applicable)
- the purposes of the processing
- the categories of recipient with whom personal data has been/will be shared
- a description of the categories of-
i) data subject and
ii) personal data
- details of the use of profiling (where applicable)
- the categories of transfers of personal data to a third country or an international organisation (where applicable)
- an indication of the legal basis for the processing operations, including transfers, for which the personal data is intended
- mention the time limits for erasure of the different categories of personal data
- a general description of the technical and organisational security measures referred to in section 66.
The record of processor must contain the following information-
- the name and contact details of the processor/s
- the name and contact details of the controller on behalf of which the processor is acting
- the name and contact details of data protection officer (where applicable)
- the categories of processing carried out on behalf of the controller
- the categories of transfers of personal data to a third country or an international organisation (where applicable)
- a general description of the technical and organisational security measures referred to in section 66.
Picture credit- https://dataprivacymanager.net/