The National Data Protection Commission has published on its website a model of record of processing activities for controllers and a model for processors, in accordance with the requirements set forth in article 30 of the General Data Protection Regulation (Regulation (EU) 2016/679), which can be consulted aqui

According to this entity, these models aim to facilitate the fulfillment of a fundamental obligation of the GDPR, particularly by micro, small and medium companies.

These models consist of Excel files, with mandatory and optional fields, and are constructed in such a way that companies identify the various categories of personal data processed and, when acting as the data controllers, the retention period applicable to each category of personal data identified.