HOPEX V2R1U3 Doc

The information collected in the record of processing is the core of the GDPR documentation system. It must remain available at all times in the event it is requested by the Data Protection Authority.

The Data Protection Authority is a national authority tasked with the protection of data and privacy as well as monitoring and enforcement of the data protection regulations within the Union.

The record of processing is about who processes what personal data, where, why, and how.

Creating a record of processing

To generate a record of processing in the form of a Word document:

1. In the navigation menu, click Record of Processing.

2. Select a processing activity and from the Reports drop-down button select Record of Processing.

A Word document is generated. The contents is as follows:

• Introduction: it describes data subject rights, the principle of data transfers and security measures.

• List of all processing activities

• Detailed description of the processing activity selected

• Data protection role

See Processing Activities Overview.

• Sensitive activities

See Processing Activities Overview.

• Legal basis

See Processing Activities Legal Basis.

• Data categories and Data subject categories

See Processing Activities Overview.

• Notice and consent management

See Data Subject Right and Notice Management.

• Data subject rights

See Data Subject Right and Notice Management.

• Transfers to third parties

See Data Transfers and Security Measures.

• Security measures

See Data Transfers and Security Measures.

• Sub-processing elements

See Processing Activities Overview.

• Attachments

See Contractual Agreements and Other Attachments.

Inconsistency report and dashboard

See Accessing Processing-Related Reports.

Some reports may help you track the inconsistencies between processing activities and sub-processing activities.

For a description of these reports, see:

• Consistency Report

The Consistency report also enables you to remove/add elements related to rights and transfers.

• Inconsistency dashboard

Cross-border transfer map

You can generate a cross-border transfer map displaying a world map with the data transfers selected.

See Accessing Processing-Related Reports.

Pre-requisites to using cross-border transfer map

Make sure that:

• a country was specified on the HQ establishment of the legal entities involved.

For more information, see Specifying the country of a legal entity.

• you specified both a recipient and a sender on the transfer

For more information, see Specifying data transfers on a processing activity

Content of the transfer map

The country of the recipient determines whether the transfer is adequate or not.

If a transfer is non-adequate, you can source the target establishment and discover which safeguards are implemented in this establishment. For more information on safeguards, see Transfer safeguards.

You can use the mouse wheel to zoom in or out.

Additional information about transfers

For more information on how to create transfers, see Specifying data transfers on a processing activity.

For troubleshooting, see About Transfers.