What is the use of directory submission
EU General Data Protection Regulation (GDPR): Sample processing directory for processors
Data processing directory with Word download and application example
The experts of the Austrian Economic Chambers have the following model of a data processing directory for their member companies in accordance with Article 30 (2) of the EU General Data Protection Regulation (GDPR) for Processor created.
A fictitious example that has already been filled out is available as an aid to filling out the form under “Application example for those responsible” (PDF version) in the download area.
The stored watermark "Pattern" can easily be removed from the Word document.
Data processing directory according to Art 30 Paragraph 2 EU General Data Protection Regulation (GDPR) - (Processor)
- Master sheet of the processor
- Master sheet of the person responsible and information on order data processing
- General description of the organizational and technical measures
Master sheet of the processor
Name and contact details of the processor (s)
Name and address:
E-mail address (and any other contact details such as phone number):
Name and contact details (address, e-mail and any other contact details such as telephone number) of the data processor's data protection officer :
Master sheet for the person responsible on whose behalf data is processed and information on order data processing
Name and contact details of the person (s) responsible (jointly) for processing (= client)
Name (s) and address (es):
E-mail address (es) (and any other contact details such as phone number):
Name and contact details (address, e-mail and any other contact details such as telephone number) of the data protection officer: 
Name and contact details (address, e-mail and any other contact details such as telephone number) of the representative of the person responsible: 
Categories of processing that are carried out on behalf of the specific controller(Indication of the service offered in connection with the processing of personal data)
Transfer of personal data to third countries, including international organizations
If so, please state the relevant third country or international organization:
Documentation of the appropriate guarantees made in the event of a transfer to third countries that is not based on Art 45, 46, 47 or 49 Paragraph 1 Subparagraph 1 GDPR (especially if there is no adequacy decision of the European Commission, no standard contractual clauses of the European Commission or the national data protection authority are used or approved certification mechanisms are used, no binding corporate rules are applied (approved, binding internal data protection regulations), the transmission is not required for contract fulfillment purposes or there is no express consent): 
General description of the technical and organizational measures
- Confidentiality: 
- Integrity: 
- Availability and resilience:
- Pseudonymization and encryption:
- Evaluation measures:
 If a data protection officer has been appointed on a mandatory or voluntary basis. Whether the information of the data protection officer of the person responsible in the processing directory of the processor (under point B) is mandatory cannot yet be conclusively clarified due to the formulation of the provision of Art 30 Paragraph 2 lit a GDPR; however, citing them can make it easier to work with the person responsible in individual cases.
 Whether the data of a data protection officer appointed by the person responsible is also to be documented in the processing directory of the order processor cannot be clearly read from the text of the regulation. For pragmatic reasons, however, it seems to make sense to include this data (if available) in the directory, as it facilitates the data protection cooperation between the controller and the processor.
 This includes representatives of those responsible who are not established in the EU.
 See the WKO leaflet “International Data Traffic”.
 Prevention of (unintentional) disclosure or unauthorized access to personal data.
 Prevention of (unintentional) destruction / destruction, (unintentional) damage, (unintentional) loss, (unintentional) modification of personal data.
- What is data analysis with Python
- What is 60 meters in feet
- What is the Greek symbol for death
- Why does it glitter on snow?
- How do the Americans feel about the Chinese?
- What is anti national
- Can 13-year-olds eat more
- What nationality was John Lennon
- Can cold emailing be done from MailChimp
- People can die of exhaustion
- What drives you to be happy
- Can a chimpanzee climb
- Is vegetarian food inanimate food
- Who are the allies of Malaysia
- Which recipe really makes a cook?
- How does the government pursue crypto currency
- How can I stop being weird?
- What exactly does Quora do
- Are Scorpios attractive
- Which paradigm is the successor to OOP
- What strategies are used in startups
- How many people follow the Veeramachaneni diet
- Grow a plant in the Martian soil
- What do Reddit users think of Quora
- Are all professional singers famous
- Should I play the lottery every day
- How much does a lot cost
- Are the AirPods Pro worth the 250
- Repels dark matter regular matter
- How much does the maintenance of the yacht cost
- Do we really feel pain while dying
- What do intelligent people think of death?
- Can 13-year-olds eat more
- What is stock market efficiency