Record of processing activities

This step is small for a company, but it is big for GDPR compliance.

Contrary to popular belief, the goal of the GDPR is not to impose millions in fines on as many companies as possible. The Regulation allows data subjects to gain more rights to their own personal information and encourages businesses to treat these subjects’ data more carefully.

Before dealing with privacy rules, businesses need to know what personal data are collected, what happens to them, why and how long they are processed. In fact, you need to be aware of movements of personal information as well as financial movements. However, it will not be the accounting department that will keep track of the movements. The solution rests in a record of processing activities that must be maintained by each controller in accordance with Article 30 of the GDPR.

Why is it useful?

Fundamental understanding.

You will understand the strengths and weaknesses of working on the protection of personal data, get information about strengths and weaknesses of your data protection systems. And you will know how to fill them in the least expensive and the most effective way.

 

Proof in case of inspections.

Having the record is one of the GDPR requirements. In a situation where a supervisory authority knocks on your door, the record of processing activities will serve as reliable proof that the company is committed to complying with the rules of the Regulation.

dpo

Are you planning to work or already working on GDPR-compliance?

The record of processing activities can be your magic wand, as it is the simplest and most reliable tool. Its presence allows not only to take an important step towards compliance with the requirements of the Regulation, but also to gain an overall picture of all processing activities. This is a kind of inventory, foundation, and reference point for the company's privacy program.

If you buy the service from us, then, after creating it, our expert will tell you how to ensure compliance with the GDPR.

 

 

Ask a question

 

What does the record look like?

It is a table with the following columns: 1) processing activities and categories of personal data and 2) legal grounds. It also points out the conditions of cross-border data transfer and, in some cases, the planned time frame for the deletion of various categories of personal data, a general description of technical and organizational security measures, and much more. 

Реестр

Steps

Step 1. Interview

To determine the processes where personal data are processed, the consultant conducts several online meetings during which he or she receives the necessary information from the client, as well as answers their questions.

 

Step 2. Filling in the record

Based on the data obtained as a result of the interview, the consultant fills the personal data flows, terms, goals, and grounds of processing and describes technical measures and processors involved in processing activities.

 

Step 3. Presentation of the record 

Further, the consultant explains in detail how the record functions and gives recommendations on what needs to be done to comply with the GDPR.

 

dpo

Why is it better to order a record of processing activities rather than an audit?

After the audit, the company usually has only a list of errors and shortcomings. If you choose a service for compiling a record of processing activities, you will not only learn what mistakes were made while working with personal data, but also get a full-fledged record, as well as recommendations for working on the GDPR in the future.

Any other questions?






    The course is loading, wait a few seconds