How to create and manage the register of processing activities

An article to explain how to create and export the register of processing with UTOPIA
Register of processing activities
Creation and management

Record of processing activities, why is it important?

From May 2018 all data controllers and data processors are faced with a new challenge, create and keep constantly updated a list of all data processing operations carried out by the organization.

It will be necessary to take a detailed look at all the information related to each individual processing operation, for example, how and why the data are processed, for how long, if they are communicated or transferred to third parties, what kind of data they are and after how long they are deleted.

Why is it useful?

First of all, as stated in the regulation, the usefulness of the register consists in the possibility of showing the Supervisory Authority a map of the organization in the event of checks or inspections in order to facilitate operations.

Let us not forget that cooperation with the authority will be one of the measures to determine the gradualness of any sanctions.

However, theregister of processing operations is above all a working tool that allows the controller to demonstrate compliance with the principle of accountability,the cornerstone on which the new European data protection regulation is based.

From this point of view, a correct compilation will help understand the obligations to which it is necessary to respond (rights of the interested parties, collection of consent, identification of the figures, eventual impact assessment) and to adopt the necessary counter measures in relation to the risks of possible events, or to the damages that can be caused to the data subject in the event of breach of their personal data.

How do I create the processing operations register within UTOPIA?

After creating the organization,to create a new processing operations register simply go to Menu → Registers and click the +button

UTOPIA allows you to create two types of registers:

  • Register as owner: The owner in this register will be automatically filled in and will coincide with the organisation to which the register relates.
  • Register as controller: The controller in this register will be automatically filled in and will coincide with the organisation to which the register relates.

After choosing between the two types available you can choose the organization and the location(s) for which we want to create it.

You can create:

  • Single location register: the processing operations relate to one and only oneof the locations of which the organisation is composed
  • Multi-location register: the processing operations relate to more than one ofthe locations of which the organization is composed
  • Omni-location register: in this instance we have a single register for alllocations

In addition to this information, the date of creation and the date of last change will also be shown, allowing you to monitor the days that have elapsed since the last revision was carried out.

After entering this information, you will just have to save the register to begin adding the processing operations that will make up our processing operations register.

 

Exporting the register

With UTOPIA the management is simplified:for each individual processing operation you will have at your disposal the information required by the legislation and, once entered, you can simply export the register to produce a document containing all the information required by the general data protection regulation.

You can do this in the Registers All Register section and, after having selected the organization, by clicking the button at the top named Export.

The export can be done in two different ways, both in docx format and in csv format.

However, the processing operations register does not have a fixed content. In fact, it is possible and recommended to insert other information if considered useful and important by the owner of the processing operation.

You won't have to do the job twice

All the information entered in the section dedicated to the register, through the processing operations analysed, will be automatically included in the section relating to the privacy policy.

In addition. for processing operations that reveal a high risk, it will be possible to proceed with the impact assessment, and evenin this case the information already recorded will be automatically reported in the appropriate sections without having to insert them again.

Torna alla documentazione

Create your account for free

Crea il tuo account personale in meno di un minuto e scopri tutte le potenzialità di UTOPIA. Tutto incluso e senza alcuna limitazione, gratuitamente, per 14 giorni.

Already over 1000 customers
No credit card required
Try it for 14 days, with no limitations
By clicking the button the processing conditions are accepted
Iscrizione effettuata con successo!
Si è verificato un errore imprevisto durante l'iscrizione. Riprova...