Skip to main content



Search form

Records Register

Records Register

ESMA has the legal obligation to keep a central register of records of activities processing personal data (Article 31 of Regulation 2018/1725).

    The register shall contain at least the following information:

    • name and contact details of the controller, the data protection officer and, where applicable, the processor and the joint controller;
    • the purposes of the processing;
    • description of the categories of data subjects and of the categories of personal data;
    • the categories of recipients to whom the personal data have been or will be disclosed;
    • where applicable, transfers of personal data to a third country or an international organisation and the documentation of suitable safeguards;
    • where possible, the envisaged time limits for erasure of the different categories of data;
    • where possible, a general description of the technical and organisational security measures to protect those personal data;
    • information about data subjects’ rights and on how to exercise those rights

    The list of records of ESMA’s activities processing personal data, with hyperlinks to the relevant record, follows: