HOPEX V3 Doc

HOPEX GDPR > Describing Processing Activities in HOPEX GDPR > Describing Processing Activities > Processing Activities Overview

Processing Activities Overview

Additional information to specify

The property page of a processing activity displays general information about the processing activity:

• Processing Activity Name

• ID: identifier

The identifier is automatically computed based on the acronyms of the associated legal entity and department.

• Processing Activity Purpose: enables you to enter free text to describe the purpose of the processing activity

The purpose of a processing activity is the main objective of this processing activity. Examples: satisfaction survey, customer management, site monitoring.

• Data Protection Role: enables you to specify the role played by the legal entity

• "Data Controller"

A data controller is the entity that determines the purposes, conditions and means of the processing of personal data.

It is mandatory to specify a data controller.

• "Data Processor"

A Data Processor is the entity that processes data on behalf of the Data Controller.

• "Joint Controller"

Joint controllers are data controllers who jointly determine the purposes and means of a processing activity.

• Activity Owner

The activity owner provides a detailed description of the processing activity (excluding assessment).

• Details: enter a comment

• Sensitive activities: specify any particular operation carried out in the context of this processing activity that could impact the final risk level.

For more information, see Defining Sensitive Activities.

• Start Date and End Date

• IT Processing / Paper Processing: specify whether the processing activity uses automated or paper means or both

• Persons in charge of processing: enter manually the actual people in charge

Information in read-only mode

Some fields are automatically filled in (they are in read-only mode only):

• Legal Entity

• Department

• DPO

The DPO is defined at the legal entity level.

• DPO deputy

The DPO deputy is defined at the department level.

• National representative

A National Representative is a representative of the legal entity in one of the Member States. Typically, a non-European legal entity should appoint national representatives in all European Member States where there are data subjects whose personal data is processed by the legal entity.

This field provides information on the level of coverage of the European countries. For more information, see Managing national representatives.

• "Full": all representatives for all EU countries have been assigned.

• "Partial": at least one national representative covering at least one EU country has been assigned.

• "No": no representative has been assigned so far

• "N/A": the legal entity is located in the EU; it is not necessary to specify national representatives.

Scope of the processing activity

To define the broad scope of a processing activity:

1. In the processing activity property page, unfold the Scope section at the bottom of the page.

2. Connect:

• Legal Entities

• Departments

• Third Parties

Computed information

The columns of the list of processing activities display computed information based on assessments (whether pre-assessments or DPIAs) such as:

• the assessment date: latest assessment performed

• the assessment status: indicates whether an assessment has be performed

• risk scale

• final compliance level

If no assessments have been performed, the cell remains empty.