European data controllers may think that registration has been abolished, in light of Records of Processing Activities (RoPA) requirements under GDPR.(1) However, this is not the case. Accordingly, this article reviews registration requirements in the EEA under GDPR,(2) for those outside the European Economic Area (EEA) who roughly follow the GDPR(3) (i.e. “EEA and Others”), and 20 other countries and regions outside the EEA with data protection laws (i.e. “Non-EEA Europe and Others”).(4)

Historically, European data controllers have been required to register their processing activities. Of the 20 “Non-EEA Europe and Others” countries noted, 17 require some form of registration for data controllers,(5) whilst nine of “EEA and Others” do so: Denmark, Estonia, France, Guernsey, Isle of Man, Jersey, Malta, the Netherlands, and the UK. Few require data processors to register.