Common use of Record of Processing Activities Clause in Contracts

Record of Processing Activities. 5.1 According to article 30, paragraph 2, of the GDPR, the Processor undertakes to keep a separate register, constantly updated for all categories of activities relating to the processing of Relevant Personal Data carried out on behalf of the Controller. This Record must contain: a) the name and contact details of the Processor and of its Sub-Processors involved in the processing of Relevant Personal Data, the Controller and, where applicable, the data protection officer of the Controller and of the Processor; b) the categories of processing activities carried out on behalf of the Controller; c) where applicable, Relevant Personal Data transferred to a third country or an international organization, including the identification of the third country or international organization and, for the transfers referred to in the second paragraph of article 49 of the GDPR, documentation of adequate guarantees; d) a general description of the technical and organizational security measures defined in article 32, paragraph 1 of the GDPR. 5.2 The Processor undertakes to promptly provide the Controller with a copy of the register, upon request of the Controller and/or competent authorities. 5.3 The Processor undertakes to provide the Controller with all relevant information concerning the processing of Relevant Personal Data necessary for the Controller to prepare its own registry of the processing activities, as defined by article 30, paragraph 1, of the GDPR.