Contrary to common belief, the GDPR is not aimed at imposing million-dollar fines on as many companies as possible. The GDPR gives individuals more control over their personal information and encourages businesses to treat data more carefully.
To comply with all the privacy rules, businesses must understand what information is collected, what happens to it, why it is being processed, and how long it is being processed. Essentially, you should be attentive to the flow of personal information as well as you are to monetary transactions. However, the accounting department should not be responsible for keeping track. The solution lies in a record of processing activities (hereinafter – RoPA) that must be maintained by each controller following Article 30 of the GDPR.
It is a table containing the following columns: 1) processing activities and the categories of personal data necessary for their implementation and 2) legal bases. There is also information concerning cross-border data transfers and, in some cases, the planned terms of deleting certain categories of personal data as well as a description of technical and organizational security measures. As well as many other things.
To identify processes where personal data are involved, the consultant conducts several online meetings, during which we can gather necessary information and also answer questions
Based on the information obtained in the interviews, the consultant organizes the flows of personal data, retention periods, purposes, and legal bases for processing, and describes the set of systems and contractors involved in the processing.
Then, the consultant explains in detail how the RoPA operates and makes further recommendations on what should be done for compliance with the GDPR.
A completed RoPA includes links between the tables. This makes it easy for you to set up a convenient display of what data, when, and in what information system should be deleted.
On behalf of the GoingGlobal.io company, we would like to thank the training and consulting company DPO Europe for their excellent service.
Co-founder & COO
Please contact us to schedule an online meeting with a privacy expert!
P.S. Didn’t find anything that suited your needs on the site? Put a brief description of your situation into the “Comment” field. We are very flexible and offer personalized solutions.