In this article we will talk about how to create, compile and manage a processing activity
process register | processing | legal basis | personal data | data retention
Personal data processing
Creation of new processing activity
In the document about the creation of the register of processing operations, we have given great importance to the concept of processing and to how fundamental it is, from the very beginning, to deal with the compilation of this section in a complete and correct manner.
The elements of a processing activity
To guide you in this activity, here are the main elements that made a personal data processing:
Who processes the data: these are all the roles involved in the processing activity. Some are always present, such as the controller and the authorized persons. Others are optional, such joint controllers, representatives, processor, and the DPO.
Why are data processed: we refer to the purposes and legal basis of the processing operation. These elements identify the reason for which the data is processed and which legal bases make it possible.
How the data are processed: we refer to security measures (technical and organizational), to the assets where personal data is stored, but also to the physical and legal entities to which they will be communicated or transferred.
Whose data are they: the data processed belong to the persons to whom they refer, that is, to the data subjects and not to those who process them. That is why we should be aware of the rights that these individuals have.
What will happen to the data: starting from the idea that processing data is a highly critical activity, we must ask ourselves what unpleasant events can happen if they are no longer available, are accidentally modified or even end up in the wrong hands.
How do I create a new processing activity?
To add new processing activity to an existing record of processing, simply go to the Registers menu, select the one you are interested in and open the Processing activities tab.
Clicking the (+) button, the processing activity card will appear. It is organized into the following sections:
General: it contains the general information about a processing activity, such as the status, the description or the list of authorized persons.
Assets:itcontains the list of the tools used by the organization to process personal data.
Controller: when you are editing a record of processing of a data processor you can specify who is the controller.
External roles: you can link existing data processor, representatives of the controller, DPOs, and joint controllers.
Purposes and types: here you canspecify the purposes of the processing activity and the type of personal data involved.
Legal basis: here you can specify, for each purpose, the legal basis.
Categories: it contains the categories of data subjects, categories of personal data, and the categories of recipients to whom the data will be communicated or transferred.
Data retention: itcontains the the data retention or criteria in relation to the categories of personal data.
Transfers: it containsthe list of countries and international organizations to which data are transferred.
Attachments:here you can uploadany kind of file in any format.
Sharing: here you can share the processing activity with an external or internal collaborator.
When working on a processing activity, UTOPIA keeps track of all the changes made by the user and even if you accidentally close a card without saving, a dialog box will appear, allowing you not to lose the work done.