Article 31 of Regulation (EU) 2018/1725 requires the ECB to retain information about its processing operations involving personal data, and to make this information publicly accessible. The information that is retained is referred to as records of processing operations.
Our records of processing operations contain the following information:
- the name and contact details of the controller;
- the purposes of processing personal data;
- a description of the categories of persons affected, including which personal data related to them will be processed;
- the categories of recipients to whom the personal data have been or will be disclosed including recipients in Member States, third countries or international organisations;
- details of the transfer, where applicable, of personal data to recipients in third countries or international organisations, including the name of the country or international organisations involved, as well as the documentation of relevant safeguarding measures undertaken;
- where possible, the envisaged time limits for erasure of the different categories of personal data.
The ECB also has adequate technical and organisational measures in place to ensure that personal data are processed securely in line with Article 33 of Regulation (EU) 2018/1725.
The records are part of a central register kept by the ECB’s Data Protection Officer (DPO). The register, including hyperlinks to the relevant records, can be found below. It is updated on a regular basis.
If you need more information about a particular data processing operation, please contact the ECB’s Data Protection Officer at email@example.com.
For any technical issues regarding access to the records please send an email to firstname.lastname@example.org.
List of notifications/records of processing operations per topic: