Register of the Data Protection Officer (DPO)
The Register is a data base containing all Notifications on the processing of personal data send to DPO by Controllers. Article 26 of Regulation 45/2001 requires the Data Protection Officer to keep a Register on processing operations of personal data and requires that this Register may be inspected by any person.
The Notifications kept in the Register should provide at least the following information:
- the name and address of the controller and an indication of the organisational parts of an institution or body entrusted with the processing of personal data for a particular purpose;
- the purpose or purposes of the processing;
- a description of the category or categories of data subjects and of the data or categories of data relating to them;
- the legal basis of the processing operation for which the data are intended;
- the recipients or categories of recipient to whom the data might be disclosed;
- a general indication of the time limits for blocking and erasure of the different categories of data;
- proposed transfers of data to third countries or international organisations;
- a general description allowing a preliminary assessment to be made of the appropriateness of the measures taken pursuant to Article 22 to ensure security of processing.