Amsterdam University of Applied Sciences

Register of processing activities

To demonstrate its fulfilment of the obligations laid down in the GDPR, the AUAS is required to maintain a register of the processing activities for which the AUAS acts as controller. The register of processing activities is a summary of the most important information about processing activities relating to personal data.

The following information must be recorded in the register:

  • name and contact details of the AUAS;
  • where applicable, the names and contact details of parties with whom the AUAS acts as joint controller;
  • contact details of the data protection officer;
  • the purposes of the processing;
  • a description of the categories of data subjects and the categories of personal data;
  • the categories of recipients to whom the personal data have been or will be disclosed, including recipients in third countries or international organisations;
  • if applicable, transfers of personal data to a third country or an international organisation, including documentation of the suitable safeguards;
  • if possible, the envisaged terms within which the different categories of data must be erased;
  • if possible, a general description of the technical and organisational security measures.

It will soon be possible to record/modify/delete a processing activity by means of a (digital) registration form. Once the data protection officer has approved the processing activity, it can then be recorded/modified/deleted in the register.

Published by  Legal Affairs 12 June 2018