Records of processing activities

29 October 2020
Europol Legal Framework

In the exercise of its tasks Europol processes also non-operational (administrative) personal data, unrelated to criminal investigations, such as personal data concerning staff of Europol, service providers or visitors. In accordance with Article 46 of Europol Regulation the processing of such data is subject to Regulation 2018/1725 on the protection of natural persons with regard to the processing of personal data by the EU institutions, bodies, offices and agencies ( Regulation 2018/1725).

Under Article 31 (5) of Regulation 2018/1725 Europol has the legal obligation to keep a central register of records of processing activities which shall be made publicly accessible.

The register shall contain at least the following information (Article 31(1) of Regulation 2018/1725):

  • name and contact details of the controller, the data protection officer and, where applicable, the processor and the joint controller;
  • the purposes of the processing;
  • description of the categories of data subjects and of the categories of personal data;
  • the categories of recipients to whom the personal data have been or will be disclosed;
  • where applicable, transfers of personal data to a third country or an international organisation and the documentation of suitable safeguards;
  • where possible, the envisaged time limits for erasure of the different categories of data;
  • where possible, a general description of the technical and organisational security measures to protect those personal data.

The list of records of a number of activities entailing the processing of administrative personal data at Europol, with hyperlinks to the relevant record, could be found below: