The “Processing” menu allows to define the list of processing of personal data implemented by your organisation. You need to make a difference between the data controller’s record and the data processor’ record.
The data controller’s record
This record includes all processing implemented by your organisation.
For example : human resources management, customers management… One of
your processing may be implemented by a data processor.
Here is some information describing your processing:
- Name, purposes
- DPO and data controller
- The implementing date
- Data subjects
- Categories of personal data, period for which the data will be stored, recipients
- Person in charge of the implementation and having a right to access
The “Qualification of risk” allows to categorise the processing between 3 levels of risk:
- No risk
- Potential risk, PIA recommended
- At risk, PIA mandatory
The data processor’s record
This record includes all processing implemented by your organisation,
on behalf of your customers. For example: host data services, SAAS
application… This record is simplified and must be linked to your
A processing can be linked to a specific customer or to a categorie of customers. Linking a processing to a categorie of customers allows to not update the processing record each time the customer change. For example: concerning the SAAS APM offer, we link the processing to the “APM SAAS Customer” categorie.