Difference between revisions of "Processing Activities"
(→Introduction to Processing Activities) |
|||
| (26 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
== Introduction to Processing Activities == | == Introduction to Processing Activities == | ||
| − | ''Processing activities'' are the core | + | ''Processing activities'' are the core element of ''personal data'' management. Many regulations require them to be documented and assessed. |
| − | + | Privacy-Now® dedicated process enables to record ''processing activities'', to maintain them and to use them for assessment or other tasks related to ''personal data'' management. | |
== Workflow == | == Workflow == | ||
A new ''processing activity'' can be created using the ''Add New'' functionality and choosing "New Processing Activity". | A new ''processing activity'' can be created using the ''Add New'' functionality and choosing "New Processing Activity". | ||
| − | A workflow enables to move the ''processing activities | + | A workflow enables to move the ''processing activities'' in several statuses as shown in the following picture. |
| − | [[File:Processing Activities Workflow ENG v1.0.JPG|centre|thumb|800x800px| | + | [[File:Processing Activities Workflow ENG v1.0.JPG|centre|thumb|800x800px|Processing activities workflow and statuses.]] |
| Line 18: | Line 18: | ||
! Status !! Description | ! Status !! Description | ||
|- | |- | ||
| − | |Default || A | + | |Default || A temporary status when the ''processing activity'' is initially created before the first save. |
|- | |- | ||
| − | | | + | |Draft || A ''processing activity'' in this status is draft. |
|- | |- | ||
| − | | | + | |Active || A ''processing activity'' in this status is actually executed by the ''organization''. |
|- | |- | ||
| − | | | + | |Inactive || A ''processing activity'' in this status is not executed by the ''organization''. Either it was in the past or it will in the future. |
|- | |- | ||
| − | |Cancelled || '' | + | |Cancelled || ''Processing activity'' cancelled. It is still possible to recover a ''processing activity'' from this status by enabled ''users''. |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
|- | |- | ||
|} | |} | ||
== Information == | == Information == | ||
| − | '' | + | ''Processing activities'' records are organized in four sections: |
| − | * <u>''Identification''</u>, where identification data of the '' | + | * <u>''Identification''</u>, where identification data of the ''processing activity'' are recorded, |
| − | * <u>''Ownership & Organization''</u>, containing the assignment of the key roles enabled to manage the '' | + | * <u>''Ownership & Organization''</u>, containing the assignment of the key roles enabled to manage the ''processing activity''; |
| − | * <u>'' | + | * <u>''Characteristics''</u>, with the key attributes of the ''processing activity''; |
| − | * <u>'' | + | * <u>''Information Technology''</u>, with information about the technologies used to process ''personal data'' by the ''processing activivty''. |
| − | |||
| − | + | Detailed information on the meaning and use of every field can be found by pointing the mouse on the (i) next to each field. This will activate a tooltip with a brief description of the field. | |
| − | + | Additional information can be found in the secondary forms of the record: attachments, related items, messages and history. See [[How To]] for more information. | |
== Privileges == | == Privileges == | ||
| − | '' | + | ''Processing activities'' can be created by the ''users'' to whom the corresponding privilege is granted (see [[Users & Groups]] for more information on how to set this privilege). |
| − | The lifecycle of the '' | + | The lifecycle of the ''processing activity'' is managed by the roles described in the table below. ''Groups'' are pre assigned to the roles according to the ''settings'' (see [[Settings]] for more information on how to set these defaults). Initial assignments can be modified according to privileges choosing among the enabled ''groups'' (see once again [[Settings]] for more information on how to enable ''groups''). |
{| class="wikitable" | {| class="wikitable" | ||
! Role !! Description | ! Role !! Description | ||
|- | |- | ||
| − | |<u>DPO Group</u> || Members of the ''group'' assigned to this role | + | |<u>DPO Group</u> || Members of the ''group'' assigned to this role have full privileges. They can: |
| − | * transition | + | * transition records to any compatible status, |
| − | * update | + | * update fields when possible, |
| − | * update | + | * update ''data sources'' directly in record management, |
| − | + | * revert from "Cancelled" status. | |
| − | |||
|- | |- | ||
| − | |<u>Data | + | |<u>Data Controller Group</u> || Members of the ''group'' assigned to this role have view (read) privileges. |
|- | |- | ||
| − | |<u> | + | |<u>Data Processor Group</u> || Members of the ''group'' assigned to this role have view (read) privileges. |
| − | |||
| − | |||
|- | |- | ||
| − | |<u> | + | |<u>Auditors Team</u> || Members of the ''group'' assigned to this role have view (read) privileges. |
|- | |- | ||
| − | |<u>Owner</u> || This role can be assigned to a single user among members of the '' | + | |<u>DPA Owner</u> || This role can be assigned to a single user among members of the ''DPO group'' or the ''Data Controller Group''. The <u>DPA Owner</u> has several privileges: |
| − | * transition | + | * transition to any compatible status, |
| − | * update | + | * update fields when possible. |
|} | |} | ||
| − | == | + | == Reports == |
| − | + | The list of ''processing activities'' can be filtered and exported to excel format from the ''view'' '''''Processing Activities'''''. | |
| − | + | Finally, it is possible to print the ''processing activity'' card using the '''Print''' command positioned up right in the ''<u>General</u>'' form of the ''processing activity'' record. | |
| − | |||
== Related processes == | == Related processes == | ||
| − | + | Many other entities can be related to ''processing activity'' records, in particular: | |
| + | * ''access requests'', | ||
| + | * ''actions'', | ||
| + | * ''impact assessments'', | ||
| + | * ''risks''. | ||
Latest revision as of 11:03, 31 October 2019
Contents
Introduction to Processing Activities
Processing activities are the core element of personal data management. Many regulations require them to be documented and assessed.
Privacy-Now® dedicated process enables to record processing activities, to maintain them and to use them for assessment or other tasks related to personal data management.
Workflow
A new processing activity can be created using the Add New functionality and choosing "New Processing Activity".
A workflow enables to move the processing activities in several statuses as shown in the following picture.
The following table explains the meaning of each status:
| Status | Description |
|---|---|
| Default | A temporary status when the processing activity is initially created before the first save. |
| Draft | A processing activity in this status is draft. |
| Active | A processing activity in this status is actually executed by the organization. |
| Inactive | A processing activity in this status is not executed by the organization. Either it was in the past or it will in the future. |
| Cancelled | Processing activity cancelled. It is still possible to recover a processing activity from this status by enabled users. |
Information
Processing activities records are organized in four sections:
- Identification, where identification data of the processing activity are recorded,
- Ownership & Organization, containing the assignment of the key roles enabled to manage the processing activity;
- Characteristics, with the key attributes of the processing activity;
- Information Technology, with information about the technologies used to process personal data by the processing activivty.
Detailed information on the meaning and use of every field can be found by pointing the mouse on the (i) next to each field. This will activate a tooltip with a brief description of the field.
Additional information can be found in the secondary forms of the record: attachments, related items, messages and history. See How To for more information.
Privileges
Processing activities can be created by the users to whom the corresponding privilege is granted (see Users & Groups for more information on how to set this privilege).
The lifecycle of the processing activity is managed by the roles described in the table below. Groups are pre assigned to the roles according to the settings (see Settings for more information on how to set these defaults). Initial assignments can be modified according to privileges choosing among the enabled groups (see once again Settings for more information on how to enable groups).
| Role | Description |
|---|---|
| DPO Group | Members of the group assigned to this role have full privileges. They can:
|
| Data Controller Group | Members of the group assigned to this role have view (read) privileges. |
| Data Processor Group | Members of the group assigned to this role have view (read) privileges. |
| Auditors Team | Members of the group assigned to this role have view (read) privileges. |
| DPA Owner | This role can be assigned to a single user among members of the DPO group or the Data Controller Group. The DPA Owner has several privileges:
|
Reports
The list of processing activities can be filtered and exported to excel format from the view Processing Activities.
Finally, it is possible to print the processing activity card using the Print command positioned up right in the General form of the processing activity record.
Related processes
Many other entities can be related to processing activity records, in particular:
- access requests,
- actions,
- impact assessments,
- risks.
