Record of processing activities

The GDPR record of processing activities is an instrument that is essential for your compliance and allows you to identify your personal data processing activities.

The aim is to protect personal data within your company correctly and to help you respect individual rights and freedoms.

Article 30 of the General Data Protection Regulation (GDPR) states the requirement to hold a record of processing activities.

The objective? To make public or private organisations more accountable and to demonstrate compliance with the GDPR.

The requirement for a GDPR processing record applies to all data controllers and their data processors. However, an exception to this obligation applies if the organisation has at most 250 employees.

The processing map enables compliance to be followed over time and to feed the processing record. It is a helpful tool for companies to measure their compliance and take action to maintain it.

It will allow your company to react in any situation and help you in all other essential tasks, such as respecting the rights of data subjects to their data and their privacy.

While completing the record of processing, it is essential to be organised and to follow a structured approach. This exercise requires all personal data processing activities to be recorded and described in detail. It is, therefore, necessary to specify each processing activity, whether it involves sensitive data, for what purposes, who the actors involved (Data Protection Officer, Data Controller, service providers, etc.), whether or not there are data transfers, what legal basis (consent, contract, etc.) is used, the source of the data collected, etc.
That’s why carrying out a data processing map beforehand is recommended.