Step 2: Map your personal data processing and draw up a register

After training in data processing mapping and interviewing data processing managers, you will identify your first data processing operations below:

#

Department

Personal data processing

Support / application

DPIA required?

1

HR

Recruitment management

Linkedin (external)

No

2

HR

Payroll management

Payfit (external)

No

3

HR

Staff management

Microsoft Office

No

4

Central secretariat

Works Council data management

Internal application

No

5

Output

Quality control

Microsoft Office

No

6

Marketing & Sales

Customers management

Salesforce (external)

No

7

Marketing & Sales

Sending promotional emails

Mailjet (external)

No

8

Marketing & Sales

Prospect profiling

Salesforce

Yes

9

Security

Building entry/exit management

IBM

Yes

10

Security

Anteriority check

Microsoft Office

No

11

IT

Software development

Microsoft Azure (external)

No

12

IT

Application maintenance

CGI (external)

No

13

Legal

Contract management

Microsoft Office

No

14

Purchases

Suppliers management

SAP (external)

No

Then complete your record in Dastra:

Record of processing activities

A good way to start designing your record is to first import your existing records in excel format, if available, as well as your repositories of actors, applications, subcontractors, data and retention rules. This way, once all your repositories have been integrated, you'll save time during data entry.

Then fill in all the information required for treatment by following the steps described in the link below.

Declare a processing activity

You share the record with all data controllers as well as your network of GDPR correspondents and ask for validation from all stakeholders.

Share the record of processing

That's it, your record is set up and your treatments are ready to be protected!

Dernière mise à jour