Italian DPA’s guidance on how to record processing activities

Photo by Markus Spiske on Unsplash

On October 8, 2018, the Italian Garante per la Protezione dei Dati Personali, the Italian data protection authority, DPA, released instructions on how to maintain a record of processing activities, as well as a sample document compliant with Regulation (EU) no. 679/2016, the General Data Protection Regulation, GDPR.

The record – to be maintained by each controller and controller’s representative – is a document containing the main information relating to the processing activities carried out by a controller, or representative, according to article 30, GDPR.

The duty to maintain the record derives from the accountability principle. It provides an updated picture of the processing carried out by a controller for the purposes of assessing the possible risk. It must be shown to the DPA upon request.


The related press release may be found (in Italian) at…

A related list of question is available (in Italian) at…

Doc. web n. 9084520, Parere su una istanza di accesso civico, dated January 10, 2019, Registro dei provvedimenti n. 2 del 10 gennaio 2019 is available (in Itlaian) at…

A sample form of the record is available (in Italian) at…             Open PDF


For more information on how privacy to implement privacy policies in your business, contact Francesca Giannoni-Crystal. Thanks to Federica Romanelli.