GDPR - BG CS DE EL EN ES ET FI FR GA IT LV LT MT PT SK SL SV
KAPITOLU IV
Kontrollur u proċessur
Taqsima 1
Obbligi ġenerali
Artikolu 30 Reġistru tal-attivitajiet ta' pproċessar
1. Kull kontrollur u, fejn applikabbli, ir-rappreżentant tal-kontrollur, għandu jżomm reġistru tal-attivitajiet ta' pproċessar taħt ir-responsabbiltà tiegħu. Dak ir-reġistru għandu jkollu l-informazzjoni kollha li ġejja:
|
(a)
|
l-isem u d-dettalji tal-kuntatt tal-kontrollur u, fejn applikabbli, il-kontrollur konġunt, ir-rappreżentant tal-kontrollur u l-uffiċjal tal-protezzjoni tad-data;
|
|
(b)
|
il-finijiet tal-ipproċessar;
|
|
(c)
|
deskrizzjoni tal-kategoriji ta' suġġetti tad-data u tal-kategoriji ta' data personali;
|
|
(d)
|
il-kategoriji ta' riċevituri li lilhom tkun ġiet żvelata jew ser tiġi żvelata d-data personali inklużi riċevituri f'pajjiżi terzi jew organizzazzjonijiet internazzjonali;
|
|
(e)
|
fejn applikabbli, trasferimenti ta' data personali lil pajjiż terz jew organizzazzjoni internazzjonali, inkluża l-identifikazzjoni ta' dak il-pajjiż terz jew organizzazzjoni internazzjonali u, fil-każ ta' trasferimenti msemmija fit-tieni subparagrafu tal-Artikolu 49(1), id-dokumentazzjoni ta' salvagwardji xierqa;
|
|
(f)
|
fejn ikun possibbli, il-limiti ta' żmien imbassrin għat-tħassir tad-diversi kategoriji ta' data;
|
|
(g)
|
fejn ikun possibbli, deskrizzjoni ġenerali tal-miżuri tekniċi u organizzattivi ta' sigurtà msemmija fl-Artikolu 32(1).
|
2. Kull proċessur u, fejn applikabbli, rappreżentant tal-proċessur għandhom iżommu reġistru tal-kategoriji kollha ta' attivitajiet tal-ipproċessar imwettqa f'isem kontrollur, li jkun fih:
|
(a)
|
l-isem u d-dettalji tal-kuntatt tal-proċessur jew proċessuri u ta' kull kontrollur li l-proċessur qed jaġixxi f'ismu, u, fejn applikabbli, tar-rappreżentant tal-kontrollur jew tal-proċessur, u tal-uffiċjal tal-protezzjoni tad-data;
|
|
(b)
|
il-kategoriji tal-ipproċessar imwettaq f'isem kull kontrollur;
|
|
(c)
|
fejn applikabbli, trasferimenti ta' data personali lil pajjiż terz jew organizzazzjoni internazzjonali, inkluża l-identifikazzjoni ta' dak il-pajjiż terz jew organizzazzjoni internazzjonali u, fil-każ ta' trasferimenti msemmija fit-tieni subparagrafu tal-Artikolu 49(1), id-dokumentazzjoni ta' salvagwardji xierqa;
|
|
(d)
|
fejn ikun possibbli, deskrizzjoni ġenerali tal-miżuri tekniċi u organizzattivi ta' sigurtà msemmija fl-Artikolu 32(1).
|
3. Ir-reġistru msemmi fil-paragrafi 1 u 2 għandu jkun bil-miktub, inkluż f'forma elettronika.
4. Il-kontrollur jew il-proċessur u, fejn applikabbli, ir-rappreżentant tal-kontrollur jew tal-proċessur, għandhom jagħmlu r-reġistru disponibbli għall-awtorità superviżorja fuq talba.
5. L-obbligi msemmija fil-paragrafi 1 u 2 ma għandhomx japplikaw għal impriża jew organizzazzjoni li timpjega inqas minn 250 persuna ħlief jekk l-ipproċessar li twettaq x'aktarx jirriżulta f'riskju għad-drittijiet u l-libertajiet tas-suġġetti tad-data, l-ipproċessar mhuwiex okkażjonali, jew l-ipproċessar jinkludi kategoriji speċjali ta' data kif imsemmija fl-Artikolu 9(1) jew l-ipproċessar ta' data personali relatata ma' kundanni kriminali u reati msemmija fl-Artikolu 10.
- fejn 10
- applikabbli 7
- data 6
- msemmija 6
- organizzazzjoni 5
- internazzjonali 5
- tal-kontrollur 5
- personali 5
- tal-proċessur 4
- l-ipproċessar 4
- terz 4
- tad-data 4
- fl-artikolu 4
- trasferimenti 4
- kontrollur 4
- tal-kategoriji 3
- possibbli 3
- ikun 3
- għandu 3
- deskrizzjoni 3
- tal-ipproċessar 3
- ir-rappreżentant 3
- subparagrafu 2
- tal-artikolu 2
- id-dokumentazzjoni 2
- salvagwardji 2
- fit-tieni 2
- kull 2
- reġistru 2
- inkluża 2
- l-identifikazzjoni 2
- il-pajjiż 2
|
GDPR - BG CS DE EL EN ES ET FI FR GA IT LV LT MT PT SK SL SV
CHAPTER IV
Controller and processor
Section 1
General obligations
Article 30 Records of processing activities
1. Each controller and, where applicable, the controller's representative, shall maintain a record of processing activities under its responsibility. That record shall contain all of the following information:
|
(a)
|
the name and contact details of the controller and, where applicable, the joint controller, the controller's representative and the data protection officer;
|
|
(b)
|
the purposes of the processing;
|
|
(c)
|
a description of the categories of data subjects and of the categories of personal data;
|
|
(d)
|
the categories of recipients to whom the personal data have been or will be disclosed including recipients in third countries or international organisations;
|
|
(e)
|
where applicable, transfers of personal data to a third country or an international organisation, including the identification of that third country or international organisation and, in the case of transfers referred to in the second subparagraph of Article 49(1), the documentation of suitable safeguards;
|
|
(f)
|
where possible, the envisaged time limits for erasure of the different categories of data;
|
|
(g)
|
where possible, a general description of the technical and organisational security measures referred to in Article 32(1).
|
2. Each processor and, where applicable, the processor's representative shall maintain a record of all categories of processing activities carried out on behalf of a controller, containing:
|
(a)
|
the name and contact details of the processor or processors and of each controller on behalf of which the processor is acting, and, where applicable, of the controller's or the processor's representative, and the data protection officer;
|
|
(b)
|
the categories of processing carried out on behalf of each controller;
|
|
(c)
|
where applicable, transfers of personal data to a third country or an international organisation, including the identification of that third country or international organisation and, in the case of transfers referred to in the second subparagraph of Article 49(1), the documentation of suitable safeguards;
|
|
(d)
|
where possible, a general description of the technical and organisational security measures referred to in Article 32(1).
|
3. The records referred to in paragraphs 1 and 2 shall be in writing, including in electronic form.
4. The controller or the processor and, where applicable, the controller's or the processor's representative, shall make the record available to the supervisory authority on request.
5. The obligations referred to in paragraphs 1 and 2 shall not apply to an enterprise or an organisation employing fewer than 250 persons unless the processing it carries out is likely to result in a risk to the rights and freedoms of data subjects, the processing is not occasional, or the processing includes special categories of data as referred to in Article 9(1) or personal data relating to criminal convictions and offences referred to in Article 10.
- controller 11
- data 10
- referred 8
- processor 7
- categories 7
- applicable 7
- processing 7
- article 6
- shall 6
- third 5
- organisation 5
- international 5
- representative 5
- personal 5
- including 4
- transfers 4
- record 4
- country 4
- description 3
- the 3
- behalf 3
- possible 3
- safeguards 2
- each 2
- general 2
- suitable 2
- subparagraph 2
- case 2
- second 2
- technical 2
- organisational 2
- each 2
|
