HOPEX Aquila EN

PRIVACY - Privacy Management > Describing Processing Activities > Processing Activity Details > Processed Personal Data

Processed Personal Data

To create processed personal data in HOPEX Privacy Management:

1. Open the processing activity properties.

2. In the Details > Processed Personal Data section, click New.

In this window you can specify the following information:

• Data categories

• Data subjects

• Number of records: corresponds to the number of data subjects in your records of processing.

• Minimization

Minimization is a principle stating that personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

see Qualifying Minimization

• Retention period

see Specifying the retention period on a processing activity

Qualifying Minimization

Minimization is an important principle of the European Union's General Data Protection Regulation (GDPR) and other data protection laws.

Personal data should be adequate, relevant and limited to what is necessary in relation to the purposes for with they are processed. Additionally, data collected for one purpose cannot be re-purposed without further consent.

Possible minimization values	Meaning
Low/Very low	Too much information is used
High	The information used is strictly what is needed

The Privacy team can later give a compliance score for the Personal Data Risk section based on the information completed by the processing activity owner:

Select a value from the Data Mininization Compliance Level drop-down menu.

Viewing the computed risk

On creation of the processed personal data, the Risk is automatically computed based on the highest risk scale specified by the functional administrator in the Key elements section (for the concerned data categories and data subject categories).

A risk represents any risk related to data privacy that should be identified and assessed during a DPIA process.

For more information on the initial risk scales filled in by the functional administrator, see Defining Data Categories and Data Subject Categories.

Specifying the retention period on a processing activity

Specifying a retention period on your processing activity is essential. The actual retention period may be determined by local laws.

After specifying the actual retention period, the goal retention period is compared to the actual one. The color of the icon indicates how compliant you are with your initial goal.

The goal retention period corresponds to the lowest default retention period of the selected data categories.