From May 2018 all data controllers and data processors are faced with a new challenge, create and keep constantly updated a list of all data processing operations carried out by the organization.
It will be necessary to take a detailed look at all the information related to each individual processing operation, for example, how and why the data are processed, for how long, if they are communicated or transferred to third parties, what kind of data they are and after how long they are deleted.
First of all, as stated in the regulation, the usefulness of the register consists in the possibility of showing the Supervisory Authority a map of the organization in the event of checks or inspections in order to facilitate operations.
Let us not forget that cooperation with the authority will be one of the measures to determine the gradualness of any sanctions.
However, theregister of processing operations is above all a working tool that allows the controller to demonstrate compliance with the principle of accountability,the cornerstone on which the new European data protection regulation is based.
From this point of view, a correct compilation will help understand the obligations to which it is necessary to respond (rights of the interested parties, collection of consent, identification of the figures, eventual impact assessment) and to adopt the necessary counter measures in relation to the risks of possible events, or to the damages that can be caused to the data subject in the event of breach of their personal data.
After creating the organization,to create a new processing operations register simply go to Menu → Registers and click the +button
UTOPIA allows you to create two types of registers:
After choosing between the two types available you can choose the organization and the location(s) for which we want to create it.
You can create:
In addition to this information, the date of creation and the date of last change will also be shown, allowing you to monitor the days that have elapsed since the last revision was carried out.
After entering this information, you will just have to save the register to begin adding the processing operations that will make up our processing operations register.
With UTOPIA the management is simplified:for each individual processing operation you will have at your disposal the information required by the legislation and, once entered, you can simply export the register to produce a document containing all the information required by the general data protection regulation.
You can do this in the Registers → All Register section and, after having selected the organization, by clicking the button at the top named Export.
The export can be done in two different ways, both in docx format and in csv format.
However, the processing operations register does not have a fixed content. In fact, it is possible and recommended to insert other information if considered useful and important by the owner of the processing operation.
In addition. for processing operations that reveal a high risk, it will be possible to proceed with the impact assessment, and evenin this case the information already recorded will be automatically reported in the appropriate sections without having to insert them again.