đź“• The General Data Protection Regulation (GDPR) has an impact on all companies using users Data. It actually strenghtens the existing obligations such as the information obligation on personal data of users.
In addition, the Article 30 of GDPR state that it is mandatory to keep a Register of Processing for both Data Controller and controller's representatives :
- “Each controller and, where applicable, the controller’s representative, shall maintain a record of processing activities under its responsibility.”;
- “ Each processor and, where applicable, the processor's representative shall maintain a record of all categories of processing activities carried out on behalf of a controller”.
They need to keep records and make them available anytime to the Data Protection Authority if whenever they ask it.
This implies several steps :
- Mapping the personal data processing
- Mapping the controller representatives and receivers
- Mapping out of UE data transfer
- Check the integrity and security of data
- Determine clear and legitimate purposes for processing
- Establish rules for removal of database
- Establish a register of processing
The Register Processing tool offered by Didomi allows you to establish your Register of processing in a few clicks. Indeed, the Data Protection Officer (or any authorized person) can create and edit the processing forms and have a global overview on the processing of the company.
This convenient and easy tool allows you to be compliant with this obligation and you can publish the processing you want in your Privacy Center. Indeed, some available sections in your Register correspond to information you must provide to users you are collecting data from. (purposes, legal basis, external sources and stacks involved, receivers, countries and adequate protections, retention period).
Didomi allows you to automatically link your processing forms to the information you are giving to the users in your Privacy Center. You can publish the processing you want in your Privacy center in a few clicks in the Privacy Center tab of the Console and then update the mandatory information in time.
The tool includes customizable processing database approved by data protections authorities (such as CNIL) and a simple and fast workflow to register and manage processing. It is suitable for beginners and advanced users.
🔎 We recommend establishing each processing form by relevant internal services of your company, closest to the data usage (HR service for the employees data processing, sales department for the customers data processing, etc.) and to submit for review, completion and validation this processing to the person who is in charge of the data protection (internal or external DPO, legal department or lawyer.)
This tool is a way to centralize all your processing and to have an easy to access and clear register of processing.
It enables to be compliant to the Article 12 to 14 (information to the persons) and 30 (Register Establishment) of the GDPR.
🔎 The Didomi solutions don't require any previous integration. The Management of the Register of Processing tool is available online. (https://console.didomi.io + user login).