Records of 'Processing Activities'
Legislations and regulations such as the POPI require you to maintain records of your processing activities (POPI Section 17, GDPR Art 30). The rationale is that the understanding of the data flows allows the justification of data processing.
A number of Supervisory Authorities have released templates for small businesses, but filling templates can be misleading. There is a risk that a "template filling exercise" doesn't lead to a proper analysis of the data flows, justification of data processing and mitigation.
Bizoneo allow you to easily gather and document your processing activity, and generate reports to assist Management and the Data-Protection Officer. We also provide specific features to assist data-processors.
- Detailed records of processing activities
- Data description;
- Documentation of the lawful base to process the data
- Retention period;
- Document staff and contractor with access to the data
- Link to the organisation's assets
- Link to the organisation's operators (or toher responsible parties)
- Category of data processed
- Ability to document the steps to justify "legitimate interest" based processing;
- Ability to document "consent" based processing;
- Ability to group processing activities into services
- Data flows between processing activities
- Document the compliance to the POPI principles for each activity or service
- Dashboard for management;
Assistance in breach handling
- The records of processing are mandatory in case of an investigation from a Data-Protection Supervisory Authority
Dedicated features for operators
- Ability to provide the documentation required to assist the proper completion of data-processing agreements;
- Handling of the data disposal register;
- Classification of records of processing activity (in line with ISO 27001 requirements);
- Ability to export in Word/PDF.
- Ability to add data classification attributes;
- Encryption at rest and in transit;