Step 2: Map your personal data processing and draw up a register
After training in data processing mapping and interviewing data processing managers, you will identify your first data processing operations below:
# | Department | Personal data processing | Support / application | DPIA required? |
1 | HR | Recruitment management | Linkedin (external) | No |
2 | HR | Payroll management | Payfit (external) | No |
3 | HR | Staff management | Microsoft Office | No |
4 | Central secretariat | Works Council data management | Internal application | No |
5 | Output | Quality control | Microsoft Office | No |
6 | Marketing & Sales | Customers management | Salesforce (external) | No |
7 | Marketing & Sales | Sending promotional emails | Mailjet (external) | No |
8 | Marketing & Sales | Prospect profiling | Salesforce | Yes |
9 | Security | Building entry/exit management | IBM | Yes |
10 | Security | Anteriority check | Microsoft Office | No |
11 | IT | Software development | Microsoft Azure (external) | No |
12 | IT | Application maintenance | CGI (external) | No |
13 | Legal | Contract management | Microsoft Office | No |
14 | Purchases | Suppliers management | SAP (external) | No |
Then complete your record in Dastra:
Record of processing activitiesA good way to start designing your record is to first import your existing records in excel format, if available, as well as your repositories of actors, applications, subcontractors, data and retention rules. This way, once all your repositories have been integrated, you'll save time during data entry.
Then fill in all the information required for treatment by following the steps described in the link below.
Declare a processing activityYou share the record with all data controllers as well as your network of GDPR correspondents and ask for validation from all stakeholders.
Share the record of processingThat's it, your record is set up and your treatments are ready to be protected!
Dernière mise à jour