Complete a data processing activity

Learn how to fill in 100% of the information relating to a single data processing in your register.

A processing creation process that guides you step by step

The Dastra application guides you through each step of the process of creating a processing, while remaining autonomous. Benefit from advice and become compliant with the GDPR requirements.

What is the Dastra processing questionnaire?

The Dastra processing questionnaire is there to help you provide all the information necessary for a given data processing activity in the most fluid and fastest way possible. It consists of 12 steps to follow to fill in all the information relating to data processing.

The 12 steps are:

  • General information - This section allows you to enter general information on the processing of personal data, such as its name and description.

General information
  • Stakeholders - This section allows you to list the stakeholders in charge of the data processing or actors other than the data controller and the DPO.

Stakeholders
  • Purpose - Description of the purposes of processing personal data.

Purposes
  • Dataset - Lists the different categories of data processed during this processing and their retention policy.

Dataset
  • Assets - This section allows you to list the applications, internal or external to the organization, supporting the execution of the data processing concerned.

Assets
  • Data subjects - Contains the list of data subjects of the processing of personal data.

Data subjects
  • Data subjects rights (DSR) - Detail the methods available to the data subjects to exercise each of their rights.

Data subjects rights (DSR)
  • Recipients - This section lists the recipients of the processing data. This is where you can declare a data transfer outside the EU.

RecipientsData transfers outside the EU
  • Security measures - Describes the organizational and technical security measures planned to preserve the security of data.

Security measures
  • High risk processing assessment - Assess the risk of the processing. If it's a high risk, you need a Privacy Impact Assessment (PIA).

Impact analysis
  • Documentation - In this space, you can upload any additional document for your data processing activity (for example, Code of ethics, privacy policy, etc.).

Documentation
  • Summary - Synthesis of the above.

Once you have entered the information you have, you can start identifying what remains to be done.

Planning

Dernière mise à jour