Register processing of personal data to the record

This page was updated in January 2023. Please note that we regularly update these pages.

If you process personal data, you must register the processing to the record. Here you can learn more about:

  • what a record is.
  • how you register your processing of personal data.
  • what your obligations are.

What is a record?

A record is an overview of the processing of personal data. 

Pursuant to the rules of the General Data Protection Regulation, Aarhus University (AU) is obligated to maintain a record of all personal data processing activities performed by the university in the role of data controller or data processor.

The purpose of maintaining such a record is to ensure that AU has an overview of all personal data processing activities carried out by AU when AU is either the data controller or the data processor.

The university is also obligated to submit its record to the Danish Data Protection Agency upon the Danish Data Protection Agency’s request, so that the Agency can oversee data controllers and/or data processors.

There are only two formal requirements for the record: it must be written and it must be electronic. These requirements ensure adherence to the principle of accountability: you need written documentation to demonstrate accountability.

Who is required to register processing activities in the record?

As a researcher employed at AU, you are responsible for ensuring that AU meets all data protection obligations in your research project. As an institution, AU is either a data controller or a data processor. However, it's your responsibility as a researcher to ensure an adequate level of data protection in your research project.

If you are responsible for processing personal data in a research project, you must ensure that the project has been registered in AU's record. Register your project using a notification form. 

Which notification form should I use?

AU's role in your research project depends on how processing of personal data is to take place. Learn more about data protection roles.

What are my obligations towards the record?

As the contact person linked to a registration in the record, as a minimum you have the following obligations towards the record.

You must be able to answer/examine questions about data protection issues in relation to the processing of personal data.

You must inform the Research Data Office using this formular:

  • if the processing of personal data that you registered changes. For example, if the number of data subjects changes, or if you include new data sources or other external actors. Remember to state the relevant serial number if the processing of personal data continues for longer than the end date for processing that we have received from you. 
  • if you are going to disclose personal data to an external party.

You must contact the Research Data Office at

  • It is important that you inform us about what has happened to the data when you stop processing personal data, and if the contact person/contact information changes, for example if:
    • you go on leave, including maternity/paternity leave.
    • your employment at AU ceases.
    • you change jobs internally at AU.

Can I see the information I have registered in the record?

Contact the Research Data Office at and ask for a copy of the information that has been registered with you as the contact person. Remember to indicate the serial number you received in the confirmation letter.

Expected case processing time for the record of processing activities in research

  • New registrations to the record of processing activities: Within 3 weeks of notification.
  • Updates to existing registrations: Within 2 weeks of receiving changes.
  • Guidance on notification to the record of processing activities: Within 1 week of receiving the request.
  • Assistance in applying to the Danish Data Protection Agency: Within 2 weeks of receiving the form.
  • Registration of disclosure: Within 2 weeks of receiving the internal notification.