- Organize personal data processing activities by area and division
- Apply GDPR-compliant processing activity templates
- Duplicate processing activities
- Transfer processing activities between divisions
- Work in “Article 30 record” mode to check completeness, or activate “extended record” mode
- Sort the record by ascending/descending order or keyword
- View the number of processing activity search results in each status
- Export record to Excel or PDF
All your processing activities are already stored in an Excel file? Our import feature allows you to import your data quickly and securely onto the Data Legal Drive platform.
The data processing record is at the core of the GDPR. It identifies your personal data processing activities and allows you to monitor compliance.
The record is designed to ensure full protection of the personal data processed by your organization, and to help you protect individual rights and freedoms.
Article 30 of the General Data Protection Regulation requires that public and private organizations keep a record of their data processing activities.
The goal of this record is to make organizations accountable, and to allow them to demonstrate their compliance.
All data controllers and their processors are required to keep a record of their processing activities. Organizations with fewer than 250 employees may be exempt from this obligation.
Data mapping allows you to monitor your compliance and regularly update the record of processing activities. The record allows organizations to take stock of their compliance and to take actions to ensure it is maintained.
It allows your organization to respond to any situation, and will help you in the essential task of protecting the rights of data subjects and their privacy.
To build a faithful record of your personal data processing activities, you must be methodical and organized. All processing activities must be listed and described in detail. This means identifying each processing activity, determining whether it concerns sensitive data, describing its purposes, persons and/or entities involved (Data Protection Officer, Data Controller, Processors, etc.), whether there are data transfers and what their legal basis is (consent, contract, etc.), where the collected data comes from, and more.