Verarbeitungsregister/en: Unterschied zwischen den Versionen

Processing activities are processes of an organizational unit that process personal data.

Under "Data Protection → Processing register → Processing activities | Organization register | Company cegister", a data protection expert sees all processing activities that exist in the data protection management system. A data protection professional sees all processing activities for which they are responsible in some form.

Here, new processing activities can be recorded, existing ones can be updated and processing activities that are no longer active can be deactivated.
It is also possible to generate a printout (as a PDF or Word-file) of the processing activity for an authority, in compliance with the General Data Protection Regulation.

Example of a processing activity printout

The data protection officers of the organizational units are listed in the printouts of the processing activities. The data protection officers can be recorded under "Administration → OrgUnits".

Furthermore, it can be displayed whether data protection impact assessments are available for the processing activities. For this purpose, the columns "DPIA" and "DPIA state" must be activated in the column selection.

Create

• To create a processing activity, click on the "Plus" button in the overview. Here, you fill in the processing activity or have the advisor fill it in.
• create PA

edit

• To edit a processing activity, double-click on it. You will then be redirected to the editing form.
• Note: Only processing activities that have not yet been completed can be edited.
• edit PA

update

• If a processing activity in the most recent version is no longer up to date and therefore needs to be adapted, it is possible to update it.
• To update a processing activity, select the desired processing activity by simply clicking on it. Then click on the "Create update" button at the top. This will copy the processing activity, raise it to a new version, set it to "Draft" status and take you to the new processing activity - as long as it is not completed, the old version will apply!
• If at least one of the previous versions of the processing activity was linked to a DPIA, the user is made aware of it and can check whether the DPIA needs to be linked and updated with the new version of the processing activity.
• The new version can be edited by the user.
• update PA

copy

• If a processing activity is needed more than once, it is possible to copy it.
• The copy can be customized and modified as desired.

deactivate

• To deactivate a processing activity, select the desired processing activity by simply clicking on it. You must then click on the "Annul processing activity" button at the top.
• This button is only visible to data protection experts.
• Processing activities can only be deactivated. Since a history is maintained, deletion is prevented.
• Deactivating a processing activity generally means that the processing activity is no longer carried out in this form.

An organizational register is an overview of all processes that process personal data in the selected organizational unit(s). An organizational register is below a company register in the hierarchy. This model should reflect your corporate structure.

Under "Data protection → Processing register → Processing activities | Organizational register | Company register", a data protection expert sees all organization registers that exist in the data protection management system. A data protection professional sees all organizational registers they are responsible for.

New organizational registers can be created here, existing ones can be edited and those that are no longer required can be deleted.

It is possible to generate a printout (as a PDF or Word-file) of the organizational register for an authority, in compliance with the General Data Protection Regulation. This lists all processing activities assigned to an organizational register.

The following section describes how to create, edit and delete an organizational register.

create

• To create an organizational register, click on the "Plus" button in the overview and then fill in the form.

edit

• To edit an organizational register, double-click on it. You will then be redirected to the editing form.

delete

• To delete an organizational register, double-click on the desired organizational register and then click on the red "trash can" button.
• Note: When you delete an organizational register, all links to the processing activities as well as the association to the company register will be removed.

OrgEh: Here, state which organizational unit this register belongs to.

Abbreviation and designation:

• Abbreviation: how the register will be abbreviated.
• Designation: what the register should be called.

Description: Here, describe the register's thematic focus: for example, it could be an employee register of the HR department that processes personal employee data.

Responsible: The person responsible for this register. An individual person or a team can be entered here.

Company register: The superordinate company register should be entered here (e.g. the register of the group).

All processing activities assigned to the organizational register are listed here.

Here, it is possible to assign already existing processing activities without an organizational register to this organizational register by clicking the "chain" icon. Clicking the "plus" button creates a new processing activity for this organization register. By clicking the red "chain" icon, the assignment of the processing activity to the organizational register can be removed.

A company register is an overview that lists all organizational registers assigned to the company.

Under "Data protection → Processing register → Processing activities | Organizational register | Company register", a data protection expert sees all company registers that exist in the data protection management system. A data protection professional sees all the company registers they are responsible for.

New company registers can be created here, existing ones can be edited and those that are no longer required can be deleted.

It is possible to generate a printout (as a PDF or Word-file) of the company register for an authority, in compliance with the General Data Protection Regulation. This lists all processing activities assigned to the company register or the assigned organizational register(s).

The data protection officers of the organizational units are listed in the printouts of the company registers. The data protection officers can be recorded under "Administration → OrgUnits".

This section explains the data of a company register.

create

• To create a company register, click on the "plus" button in the overview and then fill in the form.

edit

• To edit a company register, double-click on it. You will then be redirected to the edit screen.

delete

• To delete a company register, double-click on it and then click the red "trash can" button.
• Note: When you delete a company register, all links to processing activities and organization registers are removed.

OrgEh:

• The organizational unit from which this register originates is entered here.
• Next to the organizational unit, it is stated who the data protection officer of this organizational unit is.

Abbreviation and designation:

• Abbreviation: how the register should be abbreviated.
• Designation: what the register should be called.

Description: Here, describe which part of the organizational structure the company registers covers.

Responsible: The person responsible for this register. An individual person or a team can be entered here.

Representatives of the OrgUnit: Persons representing the organizational unit where the register is concerned are entered here. It is not necessary for this to be a HITGuard user; you could also enter an external data protection officer and their contact information in this text field.

All organizational registers assigned to the company register are listed here.

Here, it is possible to assign already existing organizational registers without a company register to a company register by clicking the "chain" symbol, or to create a new organizational register for this company register by clicking the "plus" button. Clicking the red "chain" symbol cancels the assignment of a organizational register to the company register.