(1) A controller (or, where personal data is processed on behalf of the controller by a processor, the processor) must keep logs for at least the following processing operations in automated processing systems -
(a) collection;
(b) alteration;
(c) consultation;
(d) disclosure (including transfers);
(e) combination;
(f) erasure.
(2) The logs of consultation must make it possible to establish -
(a) the justification for, and date and time of, the consultation, and
(b) so far as possible, the identity of the person who consulted the data.
(3) The logs of disclosure must make it possible to establish -
(a) the justification for, and date and time of, the disclosure, and
(b) so far as possible -
(i) the identity of the person who disclosed the data, and
(ii) the identity of the recipients of the data.
(4) The logs kept under subsection (1) may be used only for one or more of the following purposes -
(a) to verify the lawfulness of processing;
…