Compliance Library Blog Product Sign In
GDPR-30-13 Documentation 30 — Records of processing activities

Processor record must list categories of processing activities

Description

The processor's processing record must include the categories of processing carried out on behalf of each controller.

Full Analysis & Evidence Requirements

Sign in to view the full obligation text, AI-generated applicability analysis, evidence checklists, and compliance mapping.

Sign In to View

Related Obligations

GDPR-30-01 Documentation

Controller must maintain record of processing activities
GDPR-30-02 Documentation

Controller's representative must maintain record of processing activities
GDPR-30-03 Documentation

Controller record must contain contact details and organizational information
GDPR-30-04 Documentation

Controller record must contain purposes of processing
GDPR-30-05 Documentation

Controller record must describe data subjects and personal data categories
GDPR-30-06 Documentation

Controller record must list recipients of personal data
GDPR-30-07 Documentation

Controller record must document international transfers
GDPR-30-08 Documentation

Controller record must include data retention time limits
GDPR-30-09 Documentation

Controller record must describe technical and organisational security measures
GDPR-30-10 Documentation

Processor must maintain record of processing activities

Map this obligation to your AI systems

ReguLume automatically maps regulatory obligations to your system inventory, identifies compliance gaps, and generates remediation plans.

Get Started

Start your compliance assessment

Map obligations to your AI systems, identify gaps, and generate board-ready reports. Plans start at $149/mo.

Get Started