The Data Protection Officer (DPO) is required to keep a register of all the processing operations on personal data carried out by the Commission. The register, which must contain information explaining the purpose and conditions of all processing operations, is accessible to any interested person.

The records kept in the database should provide at least the following information:

(a) the name and contact details of the controller, the data protection officer and, where applicable, the processor and the joint controller;

(b) the purposes of the processing;

(c) a description of the categories of data subjects and of the categories of personal data;

(d) the categories of recipients to whom the personal data have been or will be disclosed including recipients in Member States, third countries or international organisations;

(e) where applicable, transfers of personal data to a third country or an international organisation, including the identification of that third country or international organisation and the documentation of suitable safeguards;

(f) where possible, the envisaged time limits for erasure of the different categories of data;

(g) where possible, a general description of the technical and organisational security measures referred to in Article 33

Access to register