FantasticSearch

3. The logs shall be used only for data protection monitoring, including checking the admissibility of a request and the lawfulness of data processing, and for ensuring data security. They shall be protected by appropriate measures against unauthorised access and shall be erased five years after their creation, unless they are required for monitoring procedures that are ongoing.

4. Member States shall ensure that authorities operating centralised bank account registries take appropriate measures so that staff are aware of applicable Union and national law, including the applicable data protection rules. Such measures shall include specialised training programmes.

1. Member States shall provide that the authorities operating the centralised bank account registries ensure that logs are kept each time designated competent authorities access and search bank account information in accordance with Article 4(1) and (1a). ◄ The logs shall include, in particular, the following:

(a) the national file reference;

(b) the date and time of the query or search;

(c) the type of data used to launch the query or search;

(d) the unique identifier of the results;

(e) the name of the designated competent authority consulting the registry;

(f) the unique user identifier of the official who made the query or performed the search and, where applicable, of the official who ordered the query or search and, as far as possible, the unique user identifier of the recipient of the results of the query or search.

2. The data protection officers for the centralised bank account registries shall check the logs regularly. The logs shall be made available, on request, to the competent supervisory authority established in accordance with Article 41 of Directive (EU) 2016/680.