2.   Each processor and, where applicable, the processor's representative shall maintain a record of all categories of processing activities carried out on behalf of a controller, containing:

     (a) the name and contact details of the processor or processors and of each controller on behalf of which the processor is acting, and, where applicable, of the controller's or the processor's representative, and the data protection officer;

     (b) the categories of processing carried out on behalf of each controller;

     (c) where applicable, transfers of personal data to a third country or an international organisation, including the identification of that third country or international organisation and, in the case of transfers referred to in the second subparagraph of Article 49(1), the documentation of suitable safeguards;

     (d) where possible, a general description of the technical and organisational security measures referred to in Article 32(1).

High

General Data Protection Regulation

Chapter IV, Section 1, Article 30