Record of processing Explanations

The “Processing” menu allows to define the list of processing of personal data implemented by your organisation. You need to make a difference between the data controller’s record and the data processor’ record.

The data controller’s record

This record includes all processing implemented by your organisation. For example : human resources management, customers management… One of your processing may be implemented by a data processor.

Here is some information describing your processing:

  • Name, purposes
  • DPO and data controller
  • The implementing date
  • Data subjects
  • Categories of personal data, period for which the data will be stored, recipients
  • Person in charge of the implementation and having a right to access

The “Qualification of risk” allows to categorise the processing between 3 levels of risk:

  • No risk
  • Potential risk, PIA recommended
  • At risk, PIA mandatory

The data processor’s record

This record includes all processing implemented by your organisation, on behalf of your customers. For example: host data services, SAAS application… This record is simplified and must be linked to your customer.

A processing can be linked to a specific customer or to a categorie of customers. Linking a processing to a categorie of customers allows to not update the processing record each time the customer change. For example: concerning the SAAS APM offer, we link the processing to the “APM SAAS Customer” categorie.