Records of processing activities
We are obliged to maintain a record of our processing activities. The record will contain, amongst other matters, information about:
- why we process personal data
- describe the categories of individuals and the categories of personal data
- state the categories of recipients to whom personal data has been or will be disclosed to
- where possible, state the envisaged time limits for erasure of the different categories of data
- where possible, give a general description of the technical and organisational security measures that we have in place
If officers are aware of any changes in the above they should inform the data protection officer who will make the required changes to the record.