Data protection records
All EU institutions have the legal obligation to keep a central register of records of activities processing personal data (Article 31 of Regulation 2018/1725).
The register shall contain at least the following information (Article 31(1) of the Regulation):
- name and contact details of the controller, the data protection officer and, where applicable, the processor and the joint controller;
- the purposes of the processing;
- description of the categories of data subjects and of the categories of personal data;
- the categories of recipients to whom the personal data have been or will be disclosed;
- where applicable, transfers of personal data to a third country or an international organisation and the documentation of suitable safeguards;
- where possible, the envisaged time limits for erasure of the different categories of data;
- where possible, a general description of the technical and organisational security measures to protect those personal data.
The list of records of EUDA activities processing personal data is below. In accordance with Regulation (EU) 2023/1322 of the European Parliament and of the Council of 27 June 2023, the European Union Drugs Agency (EUDA) is the legal successor of the European Monitoring Centre for Drugs and Drug Addiction (EMCDDA) and all references to the EMCDDA shall be construed as references to the EUDA.