Menü aufrufen
Toggle preferences menu
Persönliches Menü aufrufen
Nicht angemeldet
Ihre IP-Adresse wird öffentlich sichtbar sein, wenn Sie Änderungen vornehmen.

Verarbeitungsregister/en: Unterschied zwischen den Versionen

Aus HITGuard User Guide
Isan (Diskussion | Beiträge)
Keine Bearbeitungszusammenfassung
Isan (Diskussion | Beiträge)
Keine Bearbeitungszusammenfassung
Markierungen: mobile web edit mobile edit
 
(29 dazwischenliegende Versionen von 3 Benutzern werden nicht angezeigt)
Zeile 1: Zeile 1:


<span id="Verarbeitungstätigkeiten_(VTs)"></span>
== <span id="Verarbeitungstätigkeiten"></span>Processing activities (PAs) ==
== <span id="Verarbeitungstätigkeiten"></span>Processing activities (PAs) ==


Zeile 6: Zeile 7:
Under "Data Protection → Processing register → <u>Processing activities</u> | Organization register | Company cegister", a data protection expert sees all processing activities that exist in the data protection management system. A data protection professional sees all processing activities for which they are responsible in some form.  
Under "Data Protection → Processing register → <u>Processing activities</u> | Organization register | Company cegister", a data protection expert sees all processing activities that exist in the data protection management system. A data protection professional sees all processing activities for which they are responsible in some form.  


<div class="mw-translate-fuzzy">
Here, new processing activities can be recorded, existing ones can be updated and processing activities that are no longer active can be deactivated.<br>
Here, new processing activities can be recorded, existing ones can be updated and processing activities that are no longer active can be deactivated.
It is also possible to generate a printout (as a PDF or Word-file) of the processing activity for an authority, in compliance with the General Data Protection Regulation.
It is also possible to generate a printout (as a PDF or Word-file) of the processing activity for an authority, in compliance with the General Data Protection Regulation.
</div>


[[Media:Verarbeitungstätigkeit neu.pdf | Example of a processing activity printout]]
[[Media:Verarbeitungstätigkeit neu.pdf | Example of a processing activity printout]]


The data protection officers of the organizational units are listed in the printouts of the processing activities. The data protection officers can be recorded under [[Special:MyLanguage/OrgEh_-_Organizational_Units#org_unit|"Administration → OrgUnits"]].
The data protection officers of the organizational units are listed in the printouts of the processing activities. The data protection officers can be recorded under [[Special:MyLanguage/OrgEh_-_Organisationseinheiten#org_unit|"Administration → OrgUnits"]].


Furthermore, it can be displayed whether data protection impact assessments are available for the processing activities. For this purpose, the columns "DPIA" and "DPIA state" must be activated in the column selection.  
Furthermore, it can be displayed whether data protection impact assessments are available for the processing activities. For this purpose, the columns "DPIA" and "DPIA state" must be activated in the column selection.  
Zeile 19: Zeile 18:
[[Datei:Verarbeitungsregister Übersicht.png|left|thumb|901px|Overview of processing activities]]<br clear=all>
[[Datei:Verarbeitungsregister Übersicht.png|left|thumb|901px|Overview of processing activities]]<br clear=all>


<span id="Verarbeitungstätigkeit_erstellen/bearbeiten/aktualisieren/kopieren/deaktivieren"></span>
=== <span id="Create processing activity"></span>Create/edit/update/copy/deactivate processing activity===
=== <span id="Create processing activity"></span>Create/edit/update/copy/deactivate processing activity===


<b>Create</b>
<b>Create</b>
*To create a processing activity, click on the "Plus" button in the overview. Here, you fill in the processing activity or have the advisor fill it in.
*To create a processing activity, click on the "Plus" button in the overview. Here, you fill in the processing activity or have the advisor fill it in.
*[[Create processing activity|create VT]]
*[[Processing activity|create PA]]


<b>edit</b>
<b>edit</b>
* To edit a processing activity, double-click on it. You will then be redirected to the mask for editing.
* To edit a processing activity, double-click on it. You will then be redirected to the editing form.
* Note: Only processing activities that have not yet been completed can be edited.
* Note: Only processing activities that have not yet been completed can be edited.
*[[Edit processing activity|edit VT]]
*[[Processing activity|edit PA]]


<div class="mw-translate-fuzzy">
<b>update</b>
<b>update</b>
* If a processing activity is no longer up to date in the most current version and therefore needs to be adapted, it is possible to update it.
* If a processing activity in the most recent version is no longer up to date and therefore needs to be adapted, it is possible to update it.
* To update a processing activity, select the desired processing activity by simply clicking on it. Then click on the "Create update" button at the top. This will copy the processing activity, raise it to a new version, set it to "Draft" status and take you to the new processing activity - as long as it is not completed, the old version will apply!
* To update a processing activity, select the desired processing activity by simply clicking on it. Then click on the "Create update" button at the top. This will copy the processing activity, raise it to a new version, set it to "Draft" status and take you to the new processing activity - as long as it is not completed, the old version will apply!
* If at least one of the previous versions of the processing activity was linked to a DPIA, the user is made aware of it and can check whether the DPIA needs to be linked and updated with the new version of the processing activity.
* The new version can be edited by the user.
* The new version can be edited by the user.
* [[Edit processing activity|edit VT]]
* [[Processing activity|update PA]]
</div>


<b>copy</b>
<b>copy</b>
Zeile 42: Zeile 41:
* The copy can be customized and modified as desired.
* The copy can be customized and modified as desired.


<div class="mw-translate-fuzzy">
<b>deactivate</b>
<b>deactivate</b>
* To deactivate a processing activity, select the desired processing activity by simply clicking on it. You must then click on the "Annul processing activity" button at the top.
* To deactivate a processing activity, select the desired processing activity by simply clicking on it. You must then click on the "Annul processing activity" button at the top.
* This button is only visible to data protection experts.
* This button is only visible to data protection experts.
* Processing activities can only be deactivated. Since a history is maintained, deletion is prevented.
* Processing activities can only be deactivated. Since a history is maintained, deletion is prevented.
* Deactivating a processing activity means that the personal data that the processing activity handled will either no longer be processed or will look different.
* Deactivating a processing activity generally means that the processing activity is no longer carried out in this form.
</div>


<span id="Organisationsregister"></span>
== <span id="Organizational register"></span>Organizational register ==
== <span id="Organizational register"></span>Organizational register ==


<div class="mw-translate-fuzzy">
An organizational register is an overview of all processes that process personal data in the selected organizational unit(s). An organizational register is below a company register in the hierarchy. This model should reflect your corporate structure.
An organizational register is a register of an organizational unit in which all processes that process personal data in the organizational unit are visible. An organizational register is below a company register in the hierarchy. This model should be similar to the corporate structure: for example, the corporate registry is above the HR registry.
</div>


Under "Data protection → Processing register → Processing activities | <u>Organizational register</u> | Company register", a data protection expert sees all organization registers that exist in the data protection management system. A data protection professional sees all organizational registers they are responsible for.  
Under "Data protection → Processing register → Processing activities | <u>Organizational register</u> | Company register", a data protection expert sees all organization registers that exist in the data protection management system. A data protection professional sees all organizational registers they are responsible for.  
Zeile 62: Zeile 58:
New organizational registers can be created here, existing ones can be edited and those that are no longer required can be deleted.
New organizational registers can be created here, existing ones can be edited and those that are no longer required can be deleted.


<div class="mw-translate-fuzzy">
It is possible to generate a printout (as a PDF or Word-file) of the organizational register for an authority, in compliance with the General Data Protection Regulation. This lists all processing activities assigned to an organizational register.
It is possible to generate a printout (as a PDF or Word-file) of the organizational register for an authority, in compliance with the General Data Protection Regulation. This lists all processing activities assigned to an organizational register.
</div>


<span id="Organisationsregister_erstellen/bearbeiten/löschen"></span>
=== <span id="Create organization register"></span>Create/edit/delete organizational register===
=== <span id="Create organization register"></span>Create/edit/delete organizational register===


Zeile 73: Zeile 68:


<b>create</b>
<b>create</b>
*To create an organizational register, click on the "Plus" button in the overview and then fill in the mask.
*To create an organizational register, click on the "Plus" button in the overview and then fill in the form.


<b>edit</b>
<b>edit</b>
*To edit an organizational register, double-click on it. You will then be redirected to the mask for editing.
*To edit an organizational register, double-click on it. You will then be redirected to the editing form.


<b>delete</b>
<b>delete</b>
Zeile 82: Zeile 77:
* Note: When you delete an organizational register, all links to the processing activities as well as the association to the company register will be removed.
* Note: When you delete an organizational register, all links to the processing activities as well as the association to the company register will be removed.


<span id="Daten_des_Organisationsregisters"></span>
==== <span id="Data of the organization register"></span>Data of the organizational register ====
==== <span id="Data of the organization register"></span>Data of the organizational register ====


<u>OrgEh:</u>
<u>OrgEh:</u> Here, state which organizational unit this register belongs to.
* Here, state which organizational unit this register belongs to.


<div class="mw-translate-fuzzy">
<u>Abbreviation and designation:</u>
<u>Abbreviation and designation:</u>
* Abbreviation: How the register will be abbreviated.
* Abbreviation: how the register will be abbreviated.
* Designation: What the register should be called.
* Designation: what the register should be called.
</div>


<div class="mw-translate-fuzzy">
<u>Description:</u> Here, describe the register's thematic focus: for example, it could be an employee register of the HR department that processes personal employee data.
<u>Description:</u>
* Here, describe what the register takes care of: for example, it could be an employee register of the HR department that processes personal employee data.
</div>


<u>Responsible:</u>
<u>Responsible:</u> The person responsible for this register. An individual person or a team can be entered here.
* The person responsible for this register.


<div class="mw-translate-fuzzy">
<u>Company register:</u> The superordinate company register should be entered here (e.g. the register of the group).
<u>Company register:</u>
* The register of the superordinate organizational unit should be entered here (e.g. the register of the group).
</div>


<span id="Zugeordnete_Verarbeitungstätigkeiten"></span>
==== <span id="Assigned processing activities"></span>Assigned processing activities ====
==== <span id="Assigned processing activities"></span>Assigned processing activities ====


All processing activities assigned to the organizational register are listed here.
All processing activities assigned to the organizational register are listed here.


Here, it is possible to assign already existing processing activities without an organizational register to this organizational register by clicking the "chain" icon. Clicking the "plus" button creates a new processing activity for this organization register. By clicking the red "chain" icon, the assignment of the processing activity to the organizational register can be cancelled.
Here, it is possible to assign already existing processing activities without an organizational register to this organizational register by clicking the "chain" icon. Clicking the "plus" button creates a new processing activity for this organization register. By clicking the red "chain" icon, the assignment of the processing activity to the organizational register can be removed.


<span id="Gesellschaftsregister"></span>
== <span id="Gesellschaftsregister"></span>Company register==
== <span id="Gesellschaftsregister"></span>Company register==


<div class="mw-translate-fuzzy">
A company register is an overview that lists all organizational registers assigned to the company.
A company register is a register of a company, in which all organizational registers that process personal data in the company are listed.
</div>


Under "Data protection → Processing register → Processing activities | Organizational register | <u>Company register</u>", a data protection expert sees all company registers that exist in the data protection management system. A data protection professional sees all the company registers they are responsible for.  
Under "Data protection → Processing register → Processing activities | Organizational register | <u>Company register</u>", a data protection expert sees all company registers that exist in the data protection management system. A data protection professional sees all the company registers they are responsible for.  


[[Datei:Gesellschaftsregister Überischt.png|left|thumb|900px|Overview of the company registers]]<br clear=all>
[[Datei:Gesellschaftsregister Überischt.png|left|thumb|901px|Overview of the company registers]]<br clear=all>


New company registers can be created here, existing ones can be edited and those that are no longer required can be deleted.
New company registers can be created here, existing ones can be edited and those that are no longer required can be deleted.


<div class="mw-translate-fuzzy">
It is possible to generate a printout (as a PDF or Word-file) of the company register for an authority, in compliance with the General Data Protection Regulation. This lists all processing activities assigned to the company register or the assigned organizational register(s).
It is possible to generate a printout (as a PDF or Word-file) of the company register for an authority, in compliance with the General Data Protection Regulation. This lists all processing activities assigned to the company register or the assigned organizational register.
</div>


The data protection officers of the organizational units are listed in the printouts of the company registers. The data protection officers can be recorded under [[Special:MyLanguage/OrgEh_-_Organizational_Units#org_unit|"Administration → OrgUnits"]].
The data protection officers of the organizational units are listed in the printouts of the company registers. The data protection officers can be recorded under [[Special:MyLanguage/OrgEh_-_Organizational_Units#org_unit|"Administration → OrgUnits"]].




<span id="Gesellschaftsregister_erstellen/bearbeiten/löschen"></span>
=== <span id="Create company register"></span>Create/edit/delete company register===
=== <span id="Create company register"></span>Create/edit/delete company register===


This section explains the data of a company register.
This section explains the data of a company register.


[[Datei:Gesellschaftsregister bearbeiten.png|left|thumb|900px|Edit company register]]<br clear=all>
[[Datei:Gesellschaftsregister bearbeiten.png|left|thumb|901px|Edit company register]]<br clear=all>


<b>create</b>
<b>create</b>
*To create a company register, click on the "plus" button in the overview and then fill in the mask.
*To create a company register, click on the "plus" button in the overview and then fill in the form.


<b>edit</b>
<b>edit</b>
Zeile 147: Zeile 132:
* Note: When you delete a company register, all links to processing activities and organization registers are removed.
* Note: When you delete a company register, all links to processing activities and organization registers are removed.


<span id="Daten_des_Gesellschaftsregisters"></span>
==== <span id="Daten des Gesellschaftsregisters"></span>Data of the company register ====
==== <span id="Daten des Gesellschaftsregisters"></span>Data of the company register ====


Zeile 153: Zeile 139:
* Next to the organizational unit, it is stated who the data protection officer of this organizational unit is.
* Next to the organizational unit, it is stated who the data protection officer of this organizational unit is.


<div class="mw-translate-fuzzy">
<u>Abbreviation and designation:</u>
<u>Abbreviation and designation:</u>
* Abbreviation: How the register should be abbreviated.
* Abbreviation: how the register should be abbreviated.
* Designation: What the register should be called.
* Designation: what the register should be called.
</div>


<div class="mw-translate-fuzzy">
<u>Description:</u> Here, describe which part of the organizational structure the company registers covers.
<u>Description:</u>
* Here, describe what the register takes care of: for example, it could be an employee register of the HR department that processes personal employee data.
</div>


<u>Data Protection Coordinator:</u>
<u>Responsible:</u> The person responsible for this register. An individual person or a team can be entered here.
* The person responsible for this register.


<u>Representatives of the OrgUnit:</u>
<u>Representatives of the OrgUnit:</u> Persons representing the organizational unit where the register is concerned are entered here. It is not necessary for this to be a HITGuard user; you could also enter an external data protection officer and their contact information in this text field.
* Persons representing the organizational unit where the register is concerned are entered here.


==== <span id="Assigned Organizational Registers"></span>Assigned Organizational Registers====
<span id="Zugeordnete_Organisationsregister"></span>
==== <span id="Assigned Organizational Registers"></span>Assigned organizational registers====


<div class="mw-translate-fuzzy">
All organizational registers assigned to the company register are listed here.
All organizational registers that are assigned to the company register are listed here.
</div>


<div class="mw-translate-fuzzy">
Here, it is possible to assign already existing organizational registers without a company register to a company register by clicking the "chain" symbol, or to create a new organizational register for this company register by clicking the "plus" button. Clicking the red "chain" symbol cancels the assignment of a organizational register to the company register.
Here, it is possible to assign already existing organizational registers without a company register to a company register by clicking the "chain" symbol, or to create a new organizational register for this company register by clicking the "plus" button. Clicking the red "chain" symbol cancels the assignment of the organizational register to the company register.
</div>

Aktuelle Version vom 23. November 2023, 14:30 Uhr

Processing activities (PAs)

Processing activities are processes of an organizational unit that process personal data.

Under "Data Protection → Processing register → Processing activities | Organization register | Company cegister", a data protection expert sees all processing activities that exist in the data protection management system. A data protection professional sees all processing activities for which they are responsible in some form.

Here, new processing activities can be recorded, existing ones can be updated and processing activities that are no longer active can be deactivated.
It is also possible to generate a printout (as a PDF or Word-file) of the processing activity for an authority, in compliance with the General Data Protection Regulation.

Example of a processing activity printout

The data protection officers of the organizational units are listed in the printouts of the processing activities. The data protection officers can be recorded under "Administration → OrgUnits".

Furthermore, it can be displayed whether data protection impact assessments are available for the processing activities. For this purpose, the columns "DPIA" and "DPIA state" must be activated in the column selection.

Overview of processing activities


Create/edit/update/copy/deactivate processing activity

Create

  • To create a processing activity, click on the "Plus" button in the overview. Here, you fill in the processing activity or have the advisor fill it in.
  • create PA

edit

  • To edit a processing activity, double-click on it. You will then be redirected to the editing form.
  • Note: Only processing activities that have not yet been completed can be edited.
  • edit PA

update

  • If a processing activity in the most recent version is no longer up to date and therefore needs to be adapted, it is possible to update it.
  • To update a processing activity, select the desired processing activity by simply clicking on it. Then click on the "Create update" button at the top. This will copy the processing activity, raise it to a new version, set it to "Draft" status and take you to the new processing activity - as long as it is not completed, the old version will apply!
  • If at least one of the previous versions of the processing activity was linked to a DPIA, the user is made aware of it and can check whether the DPIA needs to be linked and updated with the new version of the processing activity.
  • The new version can be edited by the user.
  • update PA

copy

  • If a processing activity is needed more than once, it is possible to copy it.
  • The copy can be customized and modified as desired.

deactivate

  • To deactivate a processing activity, select the desired processing activity by simply clicking on it. You must then click on the "Annul processing activity" button at the top.
  • This button is only visible to data protection experts.
  • Processing activities can only be deactivated. Since a history is maintained, deletion is prevented.
  • Deactivating a processing activity generally means that the processing activity is no longer carried out in this form.

Organizational register

An organizational register is an overview of all processes that process personal data in the selected organizational unit(s). An organizational register is below a company register in the hierarchy. This model should reflect your corporate structure.

Under "Data protection → Processing register → Processing activities | Organizational register | Company register", a data protection expert sees all organization registers that exist in the data protection management system. A data protection professional sees all organizational registers they are responsible for.

Overview of the organizational registers


New organizational registers can be created here, existing ones can be edited and those that are no longer required can be deleted.

It is possible to generate a printout (as a PDF or Word-file) of the organizational register for an authority, in compliance with the General Data Protection Regulation. This lists all processing activities assigned to an organizational register.

Create/edit/delete organizational register

The following section describes how to create, edit and delete an organizational register.

Edit organizational register


create

  • To create an organizational register, click on the "Plus" button in the overview and then fill in the form.

edit

  • To edit an organizational register, double-click on it. You will then be redirected to the editing form.

delete

  • To delete an organizational register, double-click on the desired organizational register and then click on the red "trash can" button.
  • Note: When you delete an organizational register, all links to the processing activities as well as the association to the company register will be removed.

Data of the organizational register

OrgEh: Here, state which organizational unit this register belongs to.

Abbreviation and designation:

  • Abbreviation: how the register will be abbreviated.
  • Designation: what the register should be called.

Description: Here, describe the register's thematic focus: for example, it could be an employee register of the HR department that processes personal employee data.

Responsible: The person responsible for this register. An individual person or a team can be entered here.

Company register: The superordinate company register should be entered here (e.g. the register of the group).

Assigned processing activities

All processing activities assigned to the organizational register are listed here.

Here, it is possible to assign already existing processing activities without an organizational register to this organizational register by clicking the "chain" icon. Clicking the "plus" button creates a new processing activity for this organization register. By clicking the red "chain" icon, the assignment of the processing activity to the organizational register can be removed.

Company register

A company register is an overview that lists all organizational registers assigned to the company.

Under "Data protection → Processing register → Processing activities | Organizational register | Company register", a data protection expert sees all company registers that exist in the data protection management system. A data protection professional sees all the company registers they are responsible for.

Overview of the company registers


New company registers can be created here, existing ones can be edited and those that are no longer required can be deleted.

It is possible to generate a printout (as a PDF or Word-file) of the company register for an authority, in compliance with the General Data Protection Regulation. This lists all processing activities assigned to the company register or the assigned organizational register(s).

The data protection officers of the organizational units are listed in the printouts of the company registers. The data protection officers can be recorded under "Administration → OrgUnits".


Create/edit/delete company register

This section explains the data of a company register.

Edit company register


create

  • To create a company register, click on the "plus" button in the overview and then fill in the form.

edit

  • To edit a company register, double-click on it. You will then be redirected to the edit screen.

delete

  • To delete a company register, double-click on it and then click the red "trash can" button.
  • Note: When you delete a company register, all links to processing activities and organization registers are removed.

Data of the company register

OrgEh:

  • The organizational unit from which this register originates is entered here.
  • Next to the organizational unit, it is stated who the data protection officer of this organizational unit is.

Abbreviation and designation:

  • Abbreviation: how the register should be abbreviated.
  • Designation: what the register should be called.

Description: Here, describe which part of the organizational structure the company registers covers.

Responsible: The person responsible for this register. An individual person or a team can be entered here.

Representatives of the OrgUnit: Persons representing the organizational unit where the register is concerned are entered here. It is not necessary for this to be a HITGuard user; you could also enter an external data protection officer and their contact information in this text field.

Assigned organizational registers

All organizational registers assigned to the company register are listed here.

Here, it is possible to assign already existing organizational registers without a company register to a company register by clicking the "chain" symbol, or to create a new organizational register for this company register by clicking the "plus" button. Clicking the red "chain" symbol cancels the assignment of a organizational register to the company register.