RECORDS OF PROCESSING ACTIVITIES

ASSESSMENT

Logo_GDPR_Masters_Schild.png

The best starting point for GDPR compliance is a good inventory of the personal data that you as a company or organization maintain and use. You must also convert that information into a formal Register of the processing of personal data.

A data inventory is an investigation in which it is mapped which personal data are processed by or on behalf of the organization and under which circumstances. One of the ways in which this can be achieved is what is called the "systems / processing method".

Hereby it must first be charted which processing of personal data takes place, where and which personal data are processed and then what is (further) done with the data. In other words: you must make an inventory of what systems (applications / software, files and other data collections such as paper) you have and what processing is carried out with this personal data.

GOALS

A data inventory serves four purposes:

1.    Assessing legality (data minimization, privacy by design, etc.)

The GDPR sets quite a few requirements for the processing of personal data. In order to be able to determine whether the processing meets the requirements set by the GDPR, you will of course first have to know which processing there are at all and how these are currently designed.

2.    Determine the impact on the organization

Once you know which processing takes place under which circumstances and you have determined what the desired situation would be, you can determine what needs to be done within the framework of the GMS and therefore what the impact (such as costs, capacity, lead time) will be on your organization.

3.    Register of processing activities

The GDPR explicitly obliges organizations to keep a register of processing operations (Article 30 of the GDPR). The results of the data inventory serve as the basis for creating such a register, which the application automatically creates.

4.    Awareness 

By involving employees, they are forced to think about the subject of privacy. This will give privacy awareness a boost within the organization.