Regulates the demands regarding a record of processing. The Art. states that all controllers need to keep a record of the processing activities they are responsible for. With except for controllers whos organisation in fewer than 250 persons and their processing is not likely to result in a risk for the data subject which is stated in article 30 (5).

This record shall contain:

“(a) the name and contact details of the controller and, where applicable, the joint controller, the controller’s representative and the data protection officer;
(b) the purposes of the processing;
(c) a description of the categories of data subjects and of the categories of personal data;
L 119/50 EN Official Journal of the European Union 4.5.2016
(d) the categories of recipients to whom the personal data have been or will be disclosed including recipients in third
countries or international organisations;
(e) where applicable, transfers of personal data to a third country or an international organisation, including the identification of that third country or international organisation and, in the case of transfers referred to in the second
subparagraph of Article 49(1), the documentation of suitable safeguards;
(f) where possible, the envisaged time limits for erasure of the different categories of data;
(g) where possible, a general description of the technical and organisational security measures referred to in.“

Article 30 (2) states that processors need to keep a similar record and what information this should include.