Which of the following are the mandatory pieces of information to be included in the documentation of records of processing activities for an organization that processes personal data on behalf of another organization?
Which of the following are the mandatory pieces of information to be included in the documentation of records of processing activities for an organization that processes personal data on behalf of another organization?
The documentation of records of processing activities for an organization that processes personal data on behalf of another organization must include the contact details of the processor and the Data Protection Officer (DPO). This requirement ensures that there is a responsible point of contact for any queries or concerns regarding data processing activities, aligning with the GDPR's emphasis on accountability and transparency in data protection practices.
As per Art. 30 GDPR Records of processing activities, it's mandatory to provide name/contact details of the controller/DPO. Providing time limits is only "where possible". https://gdpr-info.eu/art-30-gdpr/
Records of processing activities must include significant information about data processing, including data categories, the group of data subjects, the purpose of the processing and the data recipients. This must be completely made available to authorities upon request. https://gdpr-info.eu/issues/records-of-processing-activities/#:~:text=GDPR%20Records%20of%20Processing%20Activities&text=Records%20of%20processing%20activities%20must,available%20to%20authorities%20upon%20request.
I think it's D . This is not a GDPR based exam nor this question in particular mention it. So D is probably the right one.
D. Descriptions of the processing activities and relevant data subjects. The records of processing activities must include descriptions of the processing activities and relevant data subjects.
C is the answer
Meant to select C in my below comment (not B)