The processing may pose a risk to the rights and freedoms of data subjects (processing giving rise to discrimination, revealing racial origin, etc.);
The processing is routine (personnel management (HR), supplier management or customer management, which are not carried out occasionally);
The processing concerns special categories of data, so-called "sensitive data" (data relating to racial or ethnic origin, religion or beliefs, political or other opinions, health, etc.);
The processing carried out refers to judicial data.
The regulations specify that the absence of a data protection officer (DPO) does not exempt the organization from keeping a record of processing operations.
The new Regulation also requires those responsible for processing personal data to keep a record of processing.
What should a processing record contain?
The information contained in the record of processing operations must answer the following questions:
Who? The personal data of the data controller,
Why are they processed? This is a description of the purpose of the data processing,
What data? The different categories of data subjects and data processed,
Where? This involves locating the data and specifying its recipients,
Until when? The planned destruction periods must be defined,
How? This involves describing the technical and organisational security measures that must be implemented to protect data.
As there is no exact list of elements that must be included in a processing record, it is possible to add other complementary elements such as the need for an impact analysis, a record of data breaches, etc.
Example of data processing record with CaptainDPO
CaptainDPO publishes a SaaS software solution to help DPOs manage their organization's GDPR compliance.
A list of the different processing operations is presented,
The data controllers,
The company,
The status of each processing operation (In progress - Compliant - Non-compliant).
CaptainDPO will allow you to discover where you are not complying with regulations so that you can take the necessary measures by creating tasks and ensuring compliance.