61Records of processing activitiesU.K.
(1)Each controller must maintain a record of all categories of processing activities for which the controller is responsible.
(2)The controller's record must contain the following information—
(a)the name and contact details of the controller;
(b)where applicable, the name and contact details of the joint controller;
(c)where applicable, the name and contact details of the data protection officer;
(d)the purposes of the processing;
(e)the categories of recipients to whom personal data has been or will be disclosed (including recipients in third countries or international organisations);
(f)a description of the categories of—
(i)data subject, and
(ii)personal data;
(g)where applicable, details of the use of profiling;
(h)where applicable, the categories of transfers of personal data to a third country or an international organisation;
(i)an indication of the legal basis for the processing operations, including transfers, for which the personal data is intended;
(j)where possible, the envisaged time limits for erasure of the different categories of personal data;
(k)where possible, a general description of the technical and organisational security measures referred to in section 66.
(3)Each processor must maintain a record of all categories of processing activities carried out on behalf of a controller.
(4)The processor's record must contain the following information—
(a)the name and contact details of the processor and of any other processors engaged by the processor in accordance with section 59(3);
(b)the name and contact details of the controller on behalf of which the processor is acting;
(c)where applicable, the name and contact details of the data protection officer;
(d)the categories of processing carried out on behalf of the controller;
(e)where applicable, details of transfers of personal data to a third country or an international organisation where explicitly instructed to do so by the controller, including the identification of that third country or international organisation;
(f)where possible, a general description of the technical and organisational security measures referred to in section 66.
(5)The controller and the processor must make the records kept under this section available to the Commissioner on request.