Data Protection Records Register

All EU institutions have the legal obligation to keep a central register of records of activities processing personal data (Article 31 of Regulation 2018/1725).
 
The register shall contain at least the following information (Article 31(1) of the Regulation):

• name and contact details of the controller, the data protection officer and, where applicable, the processor and the joint controller;
• the purpose(s) of the processing;
• description of the categories of data subjects and of the categories of personal data;
• the categories of recipients to whom the personal data have been or will be disclosed;
• where applicable, transfers of personal data to a third country or an international organisation and the documentation of suitable safeguards;
• where possible, the envisaged time limits for erasure of the different categories of data;
• where possible, a general description of the technical and organisational security measures to protect those personal data.

The list of records of EUISS activities processing personal data follows:

Access to the BLO

Access to Paris HQ

Appeals Procedure

Appointment of Appeals Board Members & Auditors

Appointment of Mediator

Appointment of the Secretary of the Appeals Board

Business Continuity Plan

CCTV

Distribution List Africa Portfolio

Evaluation – Promotion of staff

Establishment of Staff Committee

EUISS Newsletter

Financial Transactions

Issuance of Business Cards

Issuance of EU Laissez-Passer

IT User Accounts

Leave Management

Missions

Pension enttitlements

Personnel Files

Pre-recruitment and annual medical check-ups

Registration with Private Insurer

Registration of contract staff with the French Social Security

Registration of staff with the Protocol Service (Belgium)

Registration of staff with the Protocol Service (France)

Registration to Events

Selection of personnel

Travel arrangements

'What's to come' events invitations