Skip to main content
Mann schreib auf ein Whiteboard Data privacy

Register of processing activities (RPA)

Every responsible entrepreneur, managing director and processor is obliged to maintain a record of processing activities in accordance with Art. 30 GDPR.

This record must include all processing of personal data in your company. The technical and organisational measures required to protect the data in accordance with Art. 32 GDPR must be described.

My recommendations to you:

  • Use a directory of processing activities that I have created to identify the risks in your company!
  • Take appropriate measures to eliminate security gaps!
  • Ensure legal certainty when handling data!
  • You are doing good, so talk about it!

A coherent data protection concept that is well communicated is a competitive advantage today. You should not miss out on this head start!

My services at a glance

Minimum contents of the record of processing activities pursuant to Article 30(1) GDPR:

  1. the name and contact details of the controller and, where applicable, the joint controller, the controller's representative and any data protection officer;
  2. the purposes of the processing;
  3. a description of the categories of data subjects and the categories of personal data;
  4. the categories of recipients to whom the personal data have been or will be disclosed, including recipients in third countries or international organisations;
  5. where applicable, transfers of personal data to a third country or an international organisation, including the identification of that third country or international organisation, and, in the case of data transfers referred to in the second subparagraph of Article 49(1), the documentation of suitable safeguards;
  6. where possible, the envisaged time limits for erasure of the different categories of data;
  7. where possible, a general description of the technical and organisational measures referred to in Article 32(1).

My certifications

in the data protection environment

  • Data protection officer according to GDPR and BDSG-neu
    [Bitkom Academy]
  • Qualified IT risk manager according to ISO 31000 / ONR 49003
    [DGI German Society for Information Security AG]
  • AI compliance officer [Bitkom Academy]
  • Certified ScrumMaster® [Scrum Alliance]
  • PRINCE2® Practitioner [QRP Management Methods International GmbH]
Lasse Laube - Datenschutzbeauftragter
© Laube-consulting