Records of processing activities and breaches allow for keeping records of personal data processing activities, such as defining o persons responsible for personal data administration or specifying data processing category.

The record is available from the level of the tab CRM → Activity and Breach Records.

After selecting [Add] button a form for entering data related to the scope and character of personal data is opened.

Side panel contains the following fields:

• ID – a unique ID of an activity record in the YYYY/MM/DD/ID format
• Registry Name – a text field enabling the user to enter a specific record name (optional)
• Basic fields allowing for selecting persons responsible for personal data administration: Controller, Representative and Data Protection Officer, who may be persons selected from the lists of customers/vendors and employees defined in the system.  Selecting a customer/vendor/employee from the list displays another list, where it is   possible to select address data assigned to a given object.
• Get Data from Company Stamp – this parameter is deactivated by default, available under the field Inspector. It is only possible to select it if a company name is defined on the form of a center of the Company type to which the user is logged on.  Selecting the parameter automatically sets the inspector on the basis of a company name and sets the company’s address details as inspector details.

The tab Processing Activity Records is composed of two sections:

• Joint Controllers – it makes it possible to define customers/vendors/employees as the joint controllers of personal data processing. Above the list, there are standard buttons allowing attaching or detaching objects, and exporting them to a spreadsheet. This section presents:
• Name of customer/vendor or employee full name
• Dates From/To specifying the duration of the joint controller function
• Contact Details of a customer/vendor/employee selected by the operator while defining a joint controller
• Description – this field enables the user to define additional information about a joint controller

Processing Activities section makes it possible to specify the categories of personal data, data subjects, and   recipients, as well as to register the validation of the transfer of personal data, and determine an envisaged date of their erasure.   Selecting the button [Add] opens the activity details form, which contains:

• Number – a unique ID number of activities, assigned automatically upon saving
• Activity Name – a field texts enabling the user to enter an activity name
• Data Processing Purpose – a field text enabling the user to specify the aim of registering a given activity
• Data Subject/Personal Data/Recipient Categories – text field limited to 4000 characters
• Envisaged Data Erasure Dates – text field limited to 4000 characters

In the tab Third Countries – Data Transmission, moreover, the operator may select countries to which personal data will be transferred and add a relevant validation.  One country can be selected only once on a given form.

The column Validation is filled out with values retrieved from the generic directory: Reasons for Data Transmission (Configuration → Generic Directories → Processing Personal Data).  The user can define own values from the level of the directory.

Additional information for validation can be entered also in Validation Details field.

Breaches allows inspector for registering cases of breaches in personal data protection and generate a printout   containing information on the registered breach.

Breaches are available from the level of the menu CRM → Records of processing activities and breaches → tab Breaches. Selecting the button [Add] opens a breach details form which   is composed of the following sections:

The header contains basic information regarding breach, such us:

• Protection Officer – a field opening the list of customers/vendors/employees in the selection mode.  By default, a protection officer selected in Processing activity records is retrieved. The field is mandatory.
• Number of records concerned – a numeric field specifying the number of data records in connection to which a breach has been registered
• Date of Breach – the date of a breach in personal data protection; it can be later than neither the notification date, nor the current date
• Breach reported – this parameter is deselected by default; once it is selected, the user is enabled to fill in details relevant for the report
• Notification Date – a date presented upon selecting the parameter Breach reported; it cannot be later than the date of breach. By default, it retrieves the current date.

Tab General contains text fields, in which the operator can describe breach details, such us:

• Nature of personal data breach
• Category and approximate number of data subjects concerned
• Likely consequences of personal data breach
• Measures taken/proposed to be taken to address the breach or to mitigate its adverse effects

Additionally, if the parameter Breach reported has not been selected, the tab presents another field, Reason for failure to notify a breach

To withdraw a registered consent, it is necessary to uncheck parameter Active on a selected form.

Consent form is available from the level of the menu CRM → Consent Records.

After deactivating a consent, the following fields appear on the form:

• Withdrawal Date – field defining the date when a consent has been withdrawn

• Reason for Withdrawal – field filled out with values retrieved from a generic directory (Configuration → Generic Directories → Processing Personal Data   → Reason for Withdrawal of Consent). The operator can add new values to the directory and to define one of them as the default one.
• Withdrawal Source – values for this field are retrieved from a generic directory (Configuration → Generic Directories → Processing Personal Data → Source of Consent Withdrawal). In case there are no values in the directory, the name of the center to which the operator is currently logged-on, is indicated on the form.

From the level of the consent record list (CRM → Consent Records) and the tab Consents To Personal Data Processing available on the forms of:

• customer/vendor
• contact person
• employee,

it is possible to add and withdraw consents for a selected consent giver. Selecting the button [Add In Single Batch]/[Withdraw in Single Batch] opens a window enabling the ergonomic registration of   received consents.

Window of batch addition of consent contains the same fields as the consent form.

To add consents in batch, it is necessary to:

• select Consent Giver
• check selected Consent Categories
• complete associated addresses/contacts, in case for a given Consent Wording option Refers To Communication Channel has been checked in the generic directory.

After completing mandatory fields and checking Create parameter, [Generate] button will be activated. Upon clicking on it, consents presented on the list of consent records will be generated

To withdraw selected consents in batch for a specific consent giver, it is necessary to select the button [Withdraw in Single Batch]. A window with all valid consents is open. To withdraw selected consent, it is necessary to check Withdraw parameter.

Consent record allows for managing all consents for processing personal data registered in the system and makes it possible to quickly verify all received consents.

The consent record is available from the level of the menu CRM → Consent Records. After selecting [Add] button a consent form is opened.

Before adding a consent, first it is necessary to define values of generic directory Consents (Configuration → Generic Directories → Processing of personal data → Consents). Consents can be associated with consent categories, selected regulation or related communication channels.

To save a new consent, it is necessary to fill in the following fields:

• Person Giving Consent – in this field, it is possible to open the list of customers/vendors/employees/contact persons
• Consent Category – it is filled out with a value retrieved from a generic directory (Configuration → Generic   Directories → Processing Personal Data → Consent Categories).  The operator can add new values to the directory and to define one of them as the default one.
• Title – it is filled out with a value retrieved from a generic directory (Configuration → Generic Directories → Processing Personal Data → Consents).  The list is narrowed down to consent titles associated with a previously selected consent category, and whose date specified in the field Effective From is no later than a current date.

In addition, the following fields are also available on the form:

• ID – a unique consent number assigned automatically consent’s creation
• Consent Date – by default, it is the current date (it cannot be later than the current date), determining the   date when a given consent has been entered
• Source – a single-choice selection list containing values defined by users in a generic directory (Configuration   → Generic Directories→ Processing Personal Data → Sources of Consent). By default, the field is filled out with a value specified as default in the directory or, if there is no default value, it is filled out with a center to   which the operator is logged on.
• Related Address – a single-choice selection list where it is possible to select one of active addresses of a given object. This field remains empty and greyed out if:
  • no value has been entered in the field Title
  • the option Addresses has not been selected for the parameter Refers To Communication Channel in the generic directory Consents. The directory is available from the level of Configuration → Generic Directories → Processing of personal data → Consents.
• Related Contact – a single-choice selection list where it is possible to select active contact details of a given object. This field remains empty and greyed out if:
  • no value has been entered in the field Title
  • the option Contacts has not been selected for the parameter Refers To Communication Channel in the generic directory Consents
• Related Regulations – this field allows adding an attachment. By default, the field presents the name of an attachment selected in the column Related Regulations in the generic directory Consents.