Records of processing activities and breaches allow for keeping records of personal data processing activities, such as defining o persons responsible for personal data administration or specifying data processing category.
The record is available from the level of the tab CRM → Activity and Breach Records.
After selecting [Add] button a form for entering data related to the scope and character of personal data is opened.
Side panel contains the following fields:
- ID – a unique ID of an activity record in the YYYY/MM/DD/ID format
- Registry Name – a text field enabling the user to enter a specific record name (optional)
- Basic fields allowing for selecting persons responsible for personal data administration: Controller, Representative and Data Protection Officer, who may be persons selected from the lists of customers/vendors and employees defined in the system. Selecting a customer/vendor/employee from the list displays another list, where it is possible to select address data assigned to a given object.
- Get Data from Company Stamp – this parameter is deactivated by default, available under the field Inspector. It is only possible to select it if a company name is defined on the form of a center of the Company type to which the user is logged on. Selecting the parameter automatically sets the inspector on the basis of a company name and sets the company’s address details as inspector details.
The tab Processing Activity Records is composed of two sections:
- Joint Controllers – it makes it possible to define customers/vendors/employees as the joint controllers of personal data processing. Above the list, there are standard buttons allowing attaching or detaching objects, and exporting them to a spreadsheet. This section presents:
- Name of customer/vendor or employee full name
- Dates From/To specifying the duration of the joint controller function
- Contact Details of a customer/vendor/employee selected by the operator while defining a joint controller
- Description – this field enables the user to define additional information about a joint controller
Processing Activities section makes it possible to specify the categories of personal data, data subjects, and recipients, as well as to register the validation of the transfer of personal data, and determine an envisaged date of their erasure. Selecting the button [Add] opens the activity details form, which contains:
- Number – a unique ID number of activities, assigned automatically upon saving
- Activity Name – a field texts enabling the user to enter an activity name
- Data Processing Purpose – a field text enabling the user to specify the aim of registering a given activity
- Data Subject/Personal Data/Recipient Categories – text field limited to 4000 characters
- Envisaged Data Erasure Dates – text field limited to 4000 characters
In the tab Third Countries – Data Transmission, moreover, the operator may select countries to which personal data will be transferred and add a relevant validation. One country can be selected only once on a given form.
The column Validation is filled out with values retrieved from the generic directory: Reasons for Data Transmission (Configuration → Generic Directories → Processing Personal Data). The user can define own values from the level of the directory.
Additional information for validation can be entered also in Validation Details field.