{"id":1364,"date":"2023-07-14T08:47:21","date_gmt":"2023-07-14T06:47:21","guid":{"rendered":"https:\/\/moorlaw.digicube.dev\/rechtsgebiet\/data-protection-register-of-processing-activities\/"},"modified":"2023-11-18T12:32:28","modified_gmt":"2023-11-18T11:32:28","slug":"data-protection-register-of-processing-activities","status":"publish","type":"rechtsgebiet","link":"https:\/\/moor-law.ch\/en\/law-field\/data-protection-law\/data-protection-register-of-processing-activities\/","title":{"rendered":"Data Protection Register of Processing Activities"},"content":{"rendered":"\n<p>The revised data protection law (DSG) requires data controllers and data processors to maintain registers of their processing activities (Art. 12 nDSG).<\/p>\n\n<p>The law defines the minimum content of the registers but does not provide specific instructions on how to maintain the register. It stipulates that small and medium-sized enterprises (SMEs) are exempt from keeping a register if they employ fewer than 250 employees and pose only a low risk to personal data protection.<\/p>\n\n<p>The register of processing activities must include at least the following information:<\/p>\n\n<ul class=\"wp-block-list\">\n<li>Identity of the data controller<\/li>\n\n\n\n<li>Purpose of the processing<\/li>\n\n\n\n<li>Description of the categories of data subjects and the types of personal data processed<\/li>\n\n\n\n<li>Retention period (if possible) or criteria used to determine the retention period<\/li>\n\n\n\n<li>General description of the measures taken to ensure data security<\/li>\n\n\n\n<li>If data is disclosed internationally, indication of the country or the guarantees provided by alternative measures<\/li>\n<\/ul>\n\n<p>The register maintained by the data processor should include the following information:<\/p>\n\n<ul class=\"wp-block-list\">\n<li>Identity of the data processor<\/li>\n\n\n\n<li>Identity of the data controller<\/li>\n\n\n\n<li>Categories of processing activities performed on behalf of the data controller<\/li>\n\n\n\n<li>Description of the measures taken to ensure data security<\/li>\n\n\n\n<li>Indication of the country where data is disclosed internationally or the guarantees provided by alternative measures<\/li>\n<\/ul>\n\n<hr class=\"wp-block-separator has-text-color has-accent-color has-alpha-channel-opacity has-accent-background-color has-background\"\/>\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\"><div class=\"gb-container gb-container-98a7c598\">\n<div class=\"gb-container gb-container-11a0998e\">\n\n<p><strong>Services<\/strong><\/p>\n\n\n\r\n<section id=\"digicube-block-653b8880876e9\"  class=\"chooseposttype-wrap\" >\r\n    <ul class=\"cpt-posts\">\r\n                   <li class=\"custom-block-post\">\r\n                  <a href=\"https:\/\/moor-law.ch\/en\/service\/legal-services-for-corporates\/\">Legal Services for Corporates<\/a>\r\n                <\/li>\r\n                   <\/ul>\r\n<\/section> \n<\/div>\n\n<div class=\"gb-container gb-container-25f5bccc\">\n\n<p><strong><strong>Further reading<\/strong><\/strong><\/p>\n\n\n\r\n<section id=\"digicube-block-653b888087772\"  class=\"chooseposttype-wrap\" >\r\n    <ul class=\"cpt-posts\">\r\n                   <li class=\"custom-block-post\">\r\n                  <a href=\"https:\/\/moor-law.ch\/en\/law-field\/data-protection-law\/what-should-smes-do\/\">What should SMEs do?<\/a>\r\n                <\/li>\r\n                              <li class=\"custom-block-post\">\r\n                  <a href=\"https:\/\/moor-law.ch\/en\/law-field\/data-protection-law\/new-swiss-data-protection-law\/\">New Swiss Data Protection Law<\/a>\r\n                <\/li>\r\n                              <li class=\"custom-block-post\">\r\n                  <a href=\"https:\/\/moor-law.ch\/en\/law-field\/data-protection-law\/documentation-obligations\/\">Data protection Documentation Obligations<\/a>\r\n                <\/li>\r\n                              <li class=\"custom-block-post\">\r\n                  <a href=\"https:\/\/moor-law.ch\/en\/law-field\/data-protection-law\/data-protection-representation-in-switzerland\/\">Data protection representation in Switzerland<\/a>\r\n                <\/li>\r\n                   <\/ul>\r\n<\/section> \n<\/div>\n<\/div><\/div><\/div>\n\n<hr class=\"wp-block-separator has-text-color has-accent-color has-alpha-channel-opacity has-accent-background-color has-background\"\/>\n","protected":false},"excerpt":{"rendered":"<p>The revised data protection law requires data controllers and data processors to maintain registers of their processing activities.<\/p>\n","protected":false},"featured_media":0,"parent":0,"menu_order":24,"template":"","rechtsgebiet-kategorie":[41],"class_list":["post-1364","rechtsgebiet","type-rechtsgebiet","status-publish","hentry","rechtsgebiet-kategorie-data-protection-law"],"acf":[],"_links":{"self":[{"href":"https:\/\/moor-law.ch\/en\/wp-json\/wp\/v2\/rechtsgebiet\/1364","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/moor-law.ch\/en\/wp-json\/wp\/v2\/rechtsgebiet"}],"about":[{"href":"https:\/\/moor-law.ch\/en\/wp-json\/wp\/v2\/types\/rechtsgebiet"}],"wp:attachment":[{"href":"https:\/\/moor-law.ch\/en\/wp-json\/wp\/v2\/media?parent=1364"}],"wp:term":[{"taxonomy":"rechtsgebiet-kategorie","embeddable":true,"href":"https:\/\/moor-law.ch\/en\/wp-json\/wp\/v2\/rechtsgebiet-kategorie?post=1364"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}