How to: add a new processing activity

  1. Go > Privacy Management > Record of processing activities.
  2. Click ‘Add new processing activity’.

General Details

  1. Create a name for the processing activity by filling out the ‘Name of processing activity’ field.
  2. Enter a description into the ‘Description’ field.
  3. Decide if this processing is linked to one or more steps of a main process or linked to multiple main processes. Click ‘Yes’ if you want to create the link.
  4. Link a main process by selecting one of the ‘Main process’ list or by clicking the ‘+’ sign and creating a new main process by entering a name in the ‘Main process name’ field. Click ‘Save’. Select the created process from the ‘Main process’ list. Click on ‘x’ to delete a linked main process.
  5. Link a process step to the processing activity by selecting the specific step(s) from the Process step list.

Context/Scope

  1. Enter a description into the ‘Purpose description’ field.
  2. Select the applicable Office(s), if the processing activity is linked to a process this field will be filled out automatically.
  3. Select the applicable Department(s), if the processing activity is linked to a process this field will be filled out automatically.
  4. Select the ‘Processing Activity Creator’. By default this is the user who creates the processing activity
  5. Select the ‘Processing Activity Owner’. This can either be a selected User that is known within RESPONSUM or someone outside of RESPONSUM
  6. Select Other involved users from the user list or enter names/roles into the ‘other involved people’ field(expert).
  7. Create a review interval by entering a review interval number and selecting a review interval period (day/week/month/ day(s)/week(s)/month(s)).
  8. Select the role your organization takes in this processing activity: Controller or Processor.
  9. Select ‘yes’, if there are any joint-controllers used. Select the joint-controller from the ‘Add joint-controllers’ list.
  10. If the Start date of the processing activity is known, select ‘yes’ (expert).
  11. Select the start date (expert).
  12. If the end date of the processing activity is known, select ‘yes’ (expert).
  13. Select the end date (expert).

Personal Data

  1. Add a data subject by clicking on ‘Add Data Subject’, if the processing activity is linked to a process this field will be filled out automatically.
  2. Edit data about details, by clicking on Show Data about details. Select the country, estimated amount of individuals involved and the involvement time period.
  3. Add data by selecting Data Attributes and/or Data Objects from the list.
  4. Select the actors from the ‘Actors’ list.
  5. Select the legal basis from the ‘Legal Basis’ list.
  6. Select the notice template that is provided to the data subject in relation to this processing activity from the list (expert).
  7. Enter a description of the data processed into the field (expert).
  8. In case special categories are being processed, select the legal ground for processing Special categories of personal data (If applicable).
  9. Specify the legal ground selected.
  10. Select a department from the Access granted list or by clicking the ‘+’ sign and creating a new departments (expert).
  11. Enter a reason for access into the ‘reason’ field (expert).

IM Systems

  1. Add a IM system(s)  by selecting one of the list or by clicking the ‘+’ sign and creating a new IM System.
  2. Add more details of the specific location in the ‘Specific location’ field.

Retention Period

  1. Enter the retention period in the ‘Retention Period’ field.
  2. Select the ‘Retention unit’(day/week/month/ day(s)/week(s)/month(s)).
  3. Enter a description of the retention period into the ‘Retention Period’ field.
  4. Enter a trigger when the retention period starts (expert).
  5. Enter exceptions on retention period in the ‘Exceptions’ field (expert).
  6. Enter the action on the personal data after the retention period in the applicable field (expert).

Security of Processing

  1. Click on the “+” sign to add Technical & Organizational Measures (TOM’s) for the specific processing activity.
  2. Select the applicable measure from the drop down list or create a new measure by providing a name.
  3. If a new measure is added, fill out the description and measure type.
  4. Select the Related IM system(s) (If applicable).
  5. Add a deadline by selecting a date with the date picker.

Disclosure

  1. If there are External Data Processor(s) used, click ‘yes’.
  2. Select the External Data Processor(s) from the External Data Processor(s) list or by clicking the ‘+’ sign and creating a new External Data Processor.
  3. If data is transferred outside of the EEA, click ‘yes’.
  4. Select the Data transfer mechanism, from the Data transfer mechanism list: Adequacy decisionAppropriate safeguards – Approved certificationAppropriate safeguards – Approved code of conductAppropriate safeguards – Binding corporate rulesAppropriate safeguards – Standard contractual clauses by the European commissionAppropriate safeguards – Standard data protection clauses by a supervisory authority – DerogationExplicit consentInternational agreement.
  5. Enter a description of the Data transfer mechanism into the ‘Data transfer mechanism’ field.
  6. Add assets to the Data transfer mechanism description, by selecting a file or by dropping it in the field.
  7. If External Data Recipients are present, click ‘yes’.
  8. Select the External Data Recipients from the External Data Recipients list or by clicking the ‘+’ sign and creating a new External Data Recipients
  9. If Internal Data Recipients are present, click ‘yes’.
  10. If the internal Data Recipient is an Office, select the Internal Data Recipients from the Internal Data Recipients (Offices) list or by clicking the ‘+’ sign and creating a new Office
  11. If the internal Data Recipient is a department, select the Internal Data Recipients from the Internal Data Recipients (Departments) list or by clicking the ‘+’ sign and creating a new department.

Custom

  1. Add a custom fields by clicking on the “+” sign.
  2. Provide a custom field label by entering a name.
  3. Click “add”.
  4. Fill out the custom field and/or
  5. Enter more information about the processing activity into this field.

Updated on June 8, 2022

Was this article helpful?

Related Articles