Records of Processing Activities

Records of processing activities is a written description on organisations processing activities. It is a key instrument for demonstrating compliance with the General Data Protection Regulation (GDPR) and works as a useful tool for organisations information management. Records of processing activities is beneficial for any organisation. Maintaining one is mandatory if one of the following criteria is met:

  1. Processing of personal data will likely cause a high risk for the rights and freedoms of data subject,
  2. Processing of personal data is continuous,
  3. Processing of personal data includes special categories of data, or personal data relating to criminal convictions and offences.

Overview of The Service

  • The service is a interview-based solution for creating a valid and easily maintainable record of processing activities.
  • Interviews are facilitated by ID Control Privacy Specialists. They will guide and assist organisation’s personnel to identify the information required for a high-quality record of processing activities.
  • Duration of a single interview is approximately 2-4 hours. Number of interviews is dependent on organisation’s size and nature of data processing.
  • ID Control delivers customer with a written documentation of records of processing activities and a task list for identified gaps.


  • The service is an efficient and light solution for creating a valid record of processing activities.
  • The service enhances implementation of a proactive data protection culture into an organisation.
  • Empowering way of working creates ownership to data protection and commits key personnel into maintaining records of processing.
  • Deliverable is easily maintainable and the task list enables delegation of necessary further measures for personnel responsible.

“They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.”
Benjamin Franklin