Verarbeitungsregister/en: Unterschied zwischen den Versionen
Aus HITGuard User Guide
Weitere Optionen
Isan (Diskussion | Beiträge) Keine Bearbeitungszusammenfassung |
Isan (Diskussion | Beiträge) Keine Bearbeitungszusammenfassung Markierungen: mobile web edit mobile edit |
||
| (79 dazwischenliegende Versionen von 3 Benutzern werden nicht angezeigt) | |||
| Zeile 1: | Zeile 1: | ||
== <span id="Verarbeitungstätigkeiten"></span>Processing | <span id="Verarbeitungstätigkeiten_(VTs)"></span> | ||
== <span id="Verarbeitungstätigkeiten"></span>Processing activities (PAs) == | |||
Processing activities are processes of an organizational unit that process personal data. | Processing activities are processes of an organizational unit that process personal data. | ||
Under "Data Protection → Processing | Under "Data Protection → Processing register → <u>Processing activities</u> | Organization register | Company cegister", a data protection expert sees all processing activities that exist in the data protection management system. A data protection professional sees all processing activities for which they are responsible in some form. | ||
Here, new processing activities can be recorded, existing ones can be updated and processing activities that are no longer active can be deactivated. | Here, new processing activities can be recorded, existing ones can be updated and processing activities that are no longer active can be deactivated.<br> | ||
It is also possible to generate a printout (as a PDF or Word-file) of the processing activity for an authority, in compliance with the General Data Protection Regulation. | It is also possible to generate a printout (as a PDF or Word-file) of the processing activity for an authority, in compliance with the General Data Protection Regulation. | ||
[[Media:Verarbeitungstätigkeit neu.pdf | Example of a processing activity printout]] | |||
[[Media: | |||
The data protection officers of the organizational units are listed in the printouts of the processing activities. The data protection officers can be recorded under [[Special:MyLanguage/OrgEh_-_Organisationseinheiten#org_unit|"Administration → OrgUnits"]]. | |||
The data protection officers of the organizational units are listed in the processing | |||
Furthermore, it can be displayed whether data protection impact assessments are available for the processing activities. For this purpose, the columns "DPIA" and "DPIA state" must be activated in the column selection. | |||
Furthermore, it can be displayed whether data protection impact assessments are available for the processing activities. For this purpose, the columns " | |||
[[Datei:Verarbeitungsregister Übersicht.png|left|thumb|901px|Overview of processing activities]]<br clear=all> | [[Datei:Verarbeitungsregister Übersicht.png|left|thumb|901px|Overview of processing activities]]<br clear=all> | ||
< | <span id="Verarbeitungstätigkeit_erstellen/bearbeiten/aktualisieren/kopieren/deaktivieren"></span> | ||
=== <span id="Create processing activity"></span>Create / edit / update / copy / deactivate processing activity=== | === <span id="Create processing activity"></span>Create/edit/update/copy/deactivate processing activity=== | ||
<b>Create</b> | <b>Create</b> | ||
*To create a processing activity, click on the "Plus" button in the overview. Here you fill in the processing activity or have the | *To create a processing activity, click on the "Plus" button in the overview. Here, you fill in the processing activity or have the advisor fill it in. | ||
*[[ | *[[Processing activity|create PA]] | ||
<b>edit</b> | <b>edit</b> | ||
* To edit a processing activity, double-click on it. You will then be redirected to the | * To edit a processing activity, double-click on it. You will then be redirected to the editing form. | ||
* | * Note: Only processing activities that have not yet been completed can be edited. | ||
*[[ | *[[Processing activity|edit PA]] | ||
<b>update</b> | <b>update</b> | ||
* If a processing activity is no longer up to date | * If a processing activity in the most recent version is no longer up to date and therefore needs to be adapted, it is possible to update it. | ||
* To update a processing activity, | * To update a processing activity, select the desired processing activity by simply clicking on it. Then click on the "Create update" button at the top. This will copy the processing activity, raise it to a new version, set it to "Draft" status and take you to the new processing activity - as long as it is not completed, the old version will apply! | ||
* If at least one of the previous versions of the processing activity was linked to a DPIA, the user is made aware of it and can check whether the DPIA needs to be linked and updated with the new version of the processing activity. | |||
* The new version can be edited by the user. | * The new version can be edited by the user. | ||
* [[ | * [[Processing activity|update PA]] | ||
<b>copy</b> | <b>copy</b> | ||
* If a processing activity is needed more than once | * If a processing activity is needed more than once, it is possible to copy it. | ||
* The copy can be customized and modified as desired. | * The copy can be customized and modified as desired. | ||
<b>deactivate</b> | <b>deactivate</b> | ||
* To deactivate a processing activity, | * To deactivate a processing activity, select the desired processing activity by simply clicking on it. You must then click on the "Annul processing activity" button at the top. | ||
* This button is only visible to data protection experts. | |||
* Processing activities can only be deactivated. Since a history is maintained, deletion is prevented. | * Processing activities can only be deactivated. Since a history is maintained, deletion is prevented. | ||
* Deactivating a processing activity means | * Deactivating a processing activity generally means that the processing activity is no longer carried out in this form. | ||
<span id="Organisationsregister"></span> | |||
== <span id="Organizational register"></span>Organizational register == | == <span id="Organizational register"></span>Organizational register == | ||
An organizational register is an overview of all processes that process personal data in the selected organizational unit(s). An organizational register is below a company register in the hierarchy. This model should reflect your corporate structure. | |||
An organizational register is | |||
Under "Data protection → Processing register → Processing activities | <u>Organizational register</u> | Company register", a data protection expert sees all organization registers that exist in the data protection management system. A data protection professional sees all organizational registers they are responsible for. | |||
Under "Data protection → Processing register → Processing activities | <u> | |||
[[Datei:Organisationsregister Überischt.png|left|thumb|900px|Overview of the | [[Datei:Organisationsregister Überischt.png|left|thumb|900px|Overview of the organizational registers]]<br clear=all> | ||
New organizational registers can be | New organizational registers can be created here, existing ones can be edited and those that are no longer required can be deleted. | ||
It is possible to generate a printout (as a PDF or Word-file) of the organizational register for an authority, in compliance with the General Data Protection Regulation. This lists all processing activities assigned to an organizational register. | |||
It is possible | |||
< | <span id="Organisationsregister_erstellen/bearbeiten/löschen"></span> | ||
=== <span id="Create organization register"></span>Create / edit / delete | === <span id="Create organization register"></span>Create/edit/delete organizational register=== | ||
The following section describes how to create, edit and delete an | The following section describes how to create, edit and delete an organizational register. | ||
[[Datei:Organisationsregister bearbeiten.png|left|thumb|900px|Edit | [[Datei:Organisationsregister bearbeiten.png|left|thumb|900px|Edit organizational register]]<br clear=all> | ||
<b>create</b> | <b>create</b> | ||
*To create an organizational register, click on the "Plus" button in the overview and then fill in the | *To create an organizational register, click on the "Plus" button in the overview and then fill in the form. | ||
<b>edit</b> | <b>edit</b> | ||
*To edit an | *To edit an organizational register, double-click on it. You will then be redirected to the editing form. | ||
<b>delete</b> | <b>delete</b> | ||
*To delete an | *To delete an organizational register, double-click on the desired organizational register and then click on the red "trash can" button. | ||
* | * Note: When you delete an organizational register, all links to the processing activities as well as the association to the company register will be removed. | ||
==== <span id="Data of the organization register"></span>Data of the | <span id="Daten_des_Organisationsregisters"></span> | ||
==== <span id="Data of the organization register"></span>Data of the organizational register ==== | |||
<u>OrgEh:</u> | <u>OrgEh:</u> Here, state which organizational unit this register belongs to. | ||
<u>Abbreviation and designation:</u> | <u>Abbreviation and designation:</u> | ||
* Abbreviation: | * Abbreviation: how the register will be abbreviated. | ||
* Designation: | * Designation: what the register should be called. | ||
<u>Description:</u> Here, describe the register's thematic focus: for example, it could be an employee register of the HR department that processes personal employee data. | |||
<u>Description:</u> | |||
<u>Responsible:</u> The person responsible for this register. An individual person or a team can be entered here. | |||
<u>Responsible:</u> | |||
<u>Company register:</u> | <u>Company register:</u> The superordinate company register should be entered here (e.g. the register of the group). | ||
<span id="Zugeordnete_Verarbeitungstätigkeiten"></span> | |||
==== <span id="Assigned processing activities"></span>Assigned processing activities ==== | ==== <span id="Assigned processing activities"></span>Assigned processing activities ==== | ||
All processing activities assigned to the | All processing activities assigned to the organizational register are listed here. | ||
Here, it is possible to assign already existing processing activities without an organizational register to this organizational register by clicking the "chain" icon. Clicking the "plus" button creates a new processing activity for this organization register. By clicking the red "chain" icon, the assignment of the processing activity to the organizational register can be removed. | |||
Here it is possible to assign already existing processing activities without an organizational register to this organizational register by clicking the chain icon. Clicking the plus button creates a new processing activity for this organization register. By clicking the red chain icon, the assignment of the processing activity to the | |||
<span id="Gesellschaftsregister"></span> | |||
== <span id="Gesellschaftsregister"></span>Company register== | == <span id="Gesellschaftsregister"></span>Company register== | ||
A company register is | A company register is an overview that lists all organizational registers assigned to the company. | ||
Under "Data protection → Processing register → Processing activities | Organizational register | <u>Company register</u>", a data protection expert sees all company registers that exist in the data protection management system. A data protection professional sees all the company registers they are responsible for. | |||
Under "Data protection → Processing register → Processing activities | Organizational register | <u>Company register</u>", a data protection | |||
[[Datei:Gesellschaftsregister Überischt.png|left|thumb| | [[Datei:Gesellschaftsregister Überischt.png|left|thumb|901px|Overview of the company registers]]<br clear=all> | ||
New company registers can be | New company registers can be created here, existing ones can be edited and those that are no longer required can be deleted. | ||
It is possible to generate a printout (as a PDF or Word-file) of the company register for an authority, in compliance with the General Data Protection Regulation. This lists all processing activities assigned to the company register or the assigned organizational register(s). | |||
It is possible | |||
The data protection officers of the organizational units are listed in the printouts of the company registers. The data protection officers can be recorded under [[Special:MyLanguage/OrgEh_-_Organizational_Units#org_unit|"Administration → OrgUnits"]]. | |||
The data protection officers of the organizational units are listed in the | |||
< | <span id="Gesellschaftsregister_erstellen/bearbeiten/löschen"></span> | ||
=== <span id="Create company register"></span>Create / edit / delete company register=== | === <span id="Create company register"></span>Create/edit/delete company register=== | ||
This section explains the data of a company register. | This section explains the data of a company register. | ||
[[Datei:Gesellschaftsregister bearbeiten.png|left|thumb| | [[Datei:Gesellschaftsregister bearbeiten.png|left|thumb|901px|Edit company register]]<br clear=all> | ||
<b>create</b> | <b>create</b> | ||
*To create a company register, click on the plus button in the overview and then fill in the | *To create a company register, click on the "plus" button in the overview and then fill in the form. | ||
<b>edit</b> | <b>edit</b> | ||
*To edit a company register, double click on it. You will then be redirected to the edit screen. | *To edit a company register, double-click on it. You will then be redirected to the edit screen. | ||
<b>delete</b> | <b>delete</b> | ||
*To delete a company register, double click on it and then click | *To delete a company register, double-click on it and then click the red "trash can" button. | ||
* | * Note: When you delete a company register, all links to processing activities and organization registers are removed. | ||
<span id="Daten_des_Gesellschaftsregisters"></span> | |||
==== <span id="Daten des Gesellschaftsregisters"></span>Data of the company register ==== | ==== <span id="Daten des Gesellschaftsregisters"></span>Data of the company register ==== | ||
<u>OrgEh:</u> | <u>OrgEh:</u> | ||
* The organizational unit from which this register originates is entered here. | * The organizational unit from which this register originates is entered here. | ||
* Next to the organizational unit, it is stated who the data protection officer of this organizational unit is. | * Next to the organizational unit, it is stated who the data protection officer of this organizational unit is. | ||
<u>Abbreviation and designation:</u> | <u>Abbreviation and designation:</u> | ||
* Abbreviation: | * Abbreviation: how the register should be abbreviated. | ||
* Designation: | * Designation: what the register should be called. | ||
<u>Description:</u> Here, describe which part of the organizational structure the company registers covers. | |||
<u>Description:</u> | |||
<u> | <u>Responsible:</u> The person responsible for this register. An individual person or a team can be entered here. | ||
<u>Representatives of the OrgUnit:</u> Persons representing the organizational unit where the register is concerned are entered here. It is not necessary for this to be a HITGuard user; you could also enter an external data protection officer and their contact information in this text field. | |||
<u>Representatives of the | |||
==== <span id="Assigned Organizational Registers"></span>Assigned | <span id="Zugeordnete_Organisationsregister"></span> | ||
==== <span id="Assigned Organizational Registers"></span>Assigned organizational registers==== | |||
All | All organizational registers assigned to the company register are listed here. | ||
Here, it is possible to assign already existing organizational registers without a company register to a company register by clicking the "chain" symbol, or to create a new organizational register for this company register by clicking the "plus" button. Clicking the red "chain" symbol cancels the assignment of a organizational register to the company register. | |||
Here it is possible | |||
Aktuelle Version vom 23. November 2023, 14:30 Uhr
Processing activities (PAs)
Processing activities are processes of an organizational unit that process personal data.
Under "Data Protection → Processing register → Processing activities | Organization register | Company cegister", a data protection expert sees all processing activities that exist in the data protection management system. A data protection professional sees all processing activities for which they are responsible in some form.
Here, new processing activities can be recorded, existing ones can be updated and processing activities that are no longer active can be deactivated.
It is also possible to generate a printout (as a PDF or Word-file) of the processing activity for an authority, in compliance with the General Data Protection Regulation.
Example of a processing activity printout
The data protection officers of the organizational units are listed in the printouts of the processing activities. The data protection officers can be recorded under "Administration → OrgUnits".
Furthermore, it can be displayed whether data protection impact assessments are available for the processing activities. For this purpose, the columns "DPIA" and "DPIA state" must be activated in the column selection.
Create/edit/update/copy/deactivate processing activity
Create
- To create a processing activity, click on the "Plus" button in the overview. Here, you fill in the processing activity or have the advisor fill it in.
- create PA
edit
- To edit a processing activity, double-click on it. You will then be redirected to the editing form.
- Note: Only processing activities that have not yet been completed can be edited.
- edit PA
update
- If a processing activity in the most recent version is no longer up to date and therefore needs to be adapted, it is possible to update it.
- To update a processing activity, select the desired processing activity by simply clicking on it. Then click on the "Create update" button at the top. This will copy the processing activity, raise it to a new version, set it to "Draft" status and take you to the new processing activity - as long as it is not completed, the old version will apply!
- If at least one of the previous versions of the processing activity was linked to a DPIA, the user is made aware of it and can check whether the DPIA needs to be linked and updated with the new version of the processing activity.
- The new version can be edited by the user.
- update PA
copy
- If a processing activity is needed more than once, it is possible to copy it.
- The copy can be customized and modified as desired.
deactivate
- To deactivate a processing activity, select the desired processing activity by simply clicking on it. You must then click on the "Annul processing activity" button at the top.
- This button is only visible to data protection experts.
- Processing activities can only be deactivated. Since a history is maintained, deletion is prevented.
- Deactivating a processing activity generally means that the processing activity is no longer carried out in this form.
Organizational register
An organizational register is an overview of all processes that process personal data in the selected organizational unit(s). An organizational register is below a company register in the hierarchy. This model should reflect your corporate structure.
Under "Data protection → Processing register → Processing activities | Organizational register | Company register", a data protection expert sees all organization registers that exist in the data protection management system. A data protection professional sees all organizational registers they are responsible for.
New organizational registers can be created here, existing ones can be edited and those that are no longer required can be deleted.
It is possible to generate a printout (as a PDF or Word-file) of the organizational register for an authority, in compliance with the General Data Protection Regulation. This lists all processing activities assigned to an organizational register.
Create/edit/delete organizational register
The following section describes how to create, edit and delete an organizational register.
create
- To create an organizational register, click on the "Plus" button in the overview and then fill in the form.
edit
- To edit an organizational register, double-click on it. You will then be redirected to the editing form.
delete
- To delete an organizational register, double-click on the desired organizational register and then click on the red "trash can" button.
- Note: When you delete an organizational register, all links to the processing activities as well as the association to the company register will be removed.
Data of the organizational register
OrgEh: Here, state which organizational unit this register belongs to.
Abbreviation and designation:
- Abbreviation: how the register will be abbreviated.
- Designation: what the register should be called.
Description: Here, describe the register's thematic focus: for example, it could be an employee register of the HR department that processes personal employee data.
Responsible: The person responsible for this register. An individual person or a team can be entered here.
Company register: The superordinate company register should be entered here (e.g. the register of the group).
Assigned processing activities
All processing activities assigned to the organizational register are listed here.
Here, it is possible to assign already existing processing activities without an organizational register to this organizational register by clicking the "chain" icon. Clicking the "plus" button creates a new processing activity for this organization register. By clicking the red "chain" icon, the assignment of the processing activity to the organizational register can be removed.
Company register
A company register is an overview that lists all organizational registers assigned to the company.
Under "Data protection → Processing register → Processing activities | Organizational register | Company register", a data protection expert sees all company registers that exist in the data protection management system. A data protection professional sees all the company registers they are responsible for.
New company registers can be created here, existing ones can be edited and those that are no longer required can be deleted.
It is possible to generate a printout (as a PDF or Word-file) of the company register for an authority, in compliance with the General Data Protection Regulation. This lists all processing activities assigned to the company register or the assigned organizational register(s).
The data protection officers of the organizational units are listed in the printouts of the company registers. The data protection officers can be recorded under "Administration → OrgUnits".
Create/edit/delete company register
This section explains the data of a company register.
create
- To create a company register, click on the "plus" button in the overview and then fill in the form.
edit
- To edit a company register, double-click on it. You will then be redirected to the edit screen.
delete
- To delete a company register, double-click on it and then click the red "trash can" button.
- Note: When you delete a company register, all links to processing activities and organization registers are removed.
Data of the company register
OrgEh:
- The organizational unit from which this register originates is entered here.
- Next to the organizational unit, it is stated who the data protection officer of this organizational unit is.
Abbreviation and designation:
- Abbreviation: how the register should be abbreviated.
- Designation: what the register should be called.
Description: Here, describe which part of the organizational structure the company registers covers.
Responsible: The person responsible for this register. An individual person or a team can be entered here.
Representatives of the OrgUnit: Persons representing the organizational unit where the register is concerned are entered here. It is not necessary for this to be a HITGuard user; you could also enter an external data protection officer and their contact information in this text field.
Assigned organizational registers
All organizational registers assigned to the company register are listed here.
Here, it is possible to assign already existing organizational registers without a company register to a company register by clicking the "chain" symbol, or to create a new organizational register for this company register by clicking the "plus" button. Clicking the red "chain" symbol cancels the assignment of a organizational register to the company register.