(1) A controller shall create and maintain a record in writing containing the following information in relation to each category of processing activity for which it is responsible:
(a) the identity and contact details of the controller and, where applicable, the controller's data protection officer or any joint controller;
(b) a description of -
(i) the purpose of the processing,
(ii) the categories of personal data concerned,
(iii) the categories of data subjects to which the personal data relate,
(iv) the categories of recipients to which the personal data have been or will be disclosed, including recipients in a third country or an international organisation, if any,
(v) the categories of transfer of personal data to a third country or an international organisation, if any,
(vi) the legal basis for the processing operation for which the personal data are intended, including the transfer of the data, where applicable, and
(vii) where possible, the proposed time limit within which eac
…