Records of processing activities is a written description on organisations processing activities. It is a key instrument for demonstrating compliance with the General Data Protection Regulation (GDPR) and works as a useful tool for organisations information management. Records of processing activities is beneficial for any organisation. Maintaining one is mandatory if one of the following criteria is met:
- Processing of personal data will likely cause a high risk for the rights and freedoms of data subject,
- Processing of personal data is continuous,
- Processing of personal data includes special categories of data, or personal data relating to criminal convictions and offences.
Overview of The Service
- The service is a interview-based solution for creating a valid and easily maintainable record of processing activities.
- Interviews are facilitated by ID Control Privacy Specialists. They will guide and assist organisation’s personnel to identify the information required for a high-quality record of processing activities.
- Duration of a single interview is approximately 2-4 hours. Number of interviews is dependent on organisation’s size and nature of data processing.
- ID Control delivers customer with a written documentation of records of processing activities and a task list for identified gaps.
Benefits
- The service is an efficient and light solution for creating a valid record of processing activities.
- The service enhances implementation of a proactive data protection culture into an organisation.
- Empowering way of working creates ownership to data protection and commits key personnel into maintaining records of processing.
- Deliverable is easily maintainable and the task list enables delegation of necessary further measures for personnel responsible.
“They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.”
– Benjamin Franklin