§ 58 LDSG RP
Records of Processing Activities
(1)The controller shall maintain a record of all categories of processing activities under its responsibility. This record shall contain the following information: 1. the name and contact details of the controller and, where applicable, the joint controllers and the name and contact details of the data protection officer, 2. the purposes of the processing, 3. the categories of recipients to whom the personal data have been or will be disclosed, 4. a description of the categories of data subjects and of the categories of personal data, 5. where applicable, the use of profiling, 6. where applicable, the categories of transfers of personal data to bodies in a third country or to an international organisation, 7. the legal basis of the processing including the transfers for which the personal data are intended, 8. where possible, the envisaged time limits for erasure of the different categories of personal data, 9. where possible, a general description of the technical and organisational measures pursuant to Section 53.
(2)The processor shall maintain a record of all categories of processing activities carried out on behalf of a controller, which shall contain the following: 1. the name and contact details of the processor, of each controller on whose behalf the processor is acting and, where applicable, of the data protection officer, 2. the categories of processing carried out on behalf of each controller, 3. where applicable, transfers of personal data to bodies in a third country or to an international organisation, 4. where possible, a general description of the technical and organisational measures pursuant to Section 53.
(3)The records referred to in paragraphs 1 and 2 shall be maintained in writing or in electronic form.
(4)Controllers and processors shall make their records available to the State Commissioner for Data Protection and Freedom of Information upon request. zur Einzelansicht § 58