§ 56 BlnDSG
Record of Processing Activities
(1)The controller shall maintain a record of all categories of processing activities under its responsibility. This record shall contain the following information: 1. the name and contact details of the controller and, where applicable, the joint controller, and the name and contact details of the data protection officer, 2. the purposes of the processing, 3. the sources of personal data regularly received, 4. information on the legal basis of the processing, 5. the categories of recipients to whom the personal data have been or will be disclosed, 6. a description of the categories of data subjects and the categories of personal data, 7. where applicable, the use of profiling, 8. where applicable, the categories of transfers of personal data to bodies in a third country or an international organisation, as well as planned transfers, 9. the time limits envisaged for the erasure or review of the necessity of the storage of the various categories of personal data, 10. a general description of the technical and organisational measures pursuant to Section 50, and 11. categories of persons or groups of persons with access authorisation.
(2)The processor shall maintain a record of all categories of processing carried out on behalf of a controller, containing the following: 1. the name and contact details of the processor, of each controller on whose behalf the processor acts, and, where applicable, of the data protection officer, 2. where applicable, transfers of personal data to bodies in a third country or an international organisation, specifying the country or organisation, and 3. a general description of the technical and organisational measures pursuant to Section 50.
(3)The records referred to in paragraphs 1 and 2 shall be maintained in writing or in electronic form.
(4)Controllers and processors shall make their records available to the Berlin Commissioner for Data Protection and Freedom of Information upon request. zur Einzelansicht § 56