Processing Activities Module (RoPA)
The Processing Activities module in TrustWorks enables organisations to manage and document their data processing activities effectively. It serves as a central repository for recording essential details about various processing activities performed within the organisation.
Overview of Processing Activities
Maintaining a comprehensive record of processing activities (RoPA) is a key requirement under the General Data Protection Regulation (GDPR). Article 30 of the GDPR mandates that data controllers and data processors must maintain an overview of all data processing activities. This includes information about the purpose of processing, categories of personal data processed, categories of data subjects, any data transfers to third countries or international organisations, retention periods, and descriptions of security measures.
TrustWorks Processing Activities module streamlines the process of creating, managing, and documenting processing activities, ensuring organisations achieve GDPR compliance and enhance data governance.
Viewing Existing Processing Activities
To access the list of existing processing activities in TrustWorks, follow these steps:
- Navigate to the Processing Activities section.
- Here, you'll find a comprehensive list of processing activities, each with specific details.
For each processing activity, the following information is available:
- Activity: The name of the processing activity.
- Owner: The individual or team responsible for overseeing the processing activity.
- Type: Whether the processing activity is performed by a controller or processor.
- Entity: The legal entity involved in the processing activity (controller of processor).
- Categories of Individuals: The categories of individuals whose data is processed in the activity.
- Data Repositories: The repositories or systems where the data is stored.
- Status: The current status of the processing activity (e.g., approved, in review, draft).
Creating New Processing Activities
To create a new processing activity manually, follow these steps:
- Go to the Processing Activities section.
- Click on "New Processing Activity."
- Provide the necessary details for the new processing activity, including:
- Activity: The name of the processing activity.
- Type: Select whether the activity is performed by a controller or processor.
- Entity: Specify the legal entity involved in the processing activity.
- Add data mapping: Choose the categories of individuals whose data will be processed, select the repositories or systems where the data is stored, select data sources and recipients.
- Lawful basis: Select the lawful basis from the list
- Click on
+ Createto save your processing activity.
Managing Existing Processing Activities
TrustWorks provides various actions for managing existing processing activities:
- Update the status (draft, in review or approved). This way it's easier to keep track of the progress.
- Update the team/owner of the processing activity.
- Update the data mapping
- Add data sources and data recipients
- Update the lawful basis (you can also use the assistant for that)
- Duplicate data mapping and make adjustments if necessary
- Add retention schedules
It's essential to keep the information in the processing activities up-to-date and accurate to ensure compliance with data protection regulations.
Using AI-Assistant for Automated Processing Activities Creation and Enrichment
TrustWorks' AI-assistant feature streamlines the process of creating processing activities by utilising the data map for context. This innovative capability saves time and reduces manual data entry efforts, making the creation of processing activities more efficient and accurate.
You can also enhance the data mapping with suggestions of Data Repositories, Category of Individuals, and Data Categories using the Ai-assistant.
Exporting and Editing RoPA
The Record of Processing Activities (RoPA) can be exported from TrustWorks to meet regulatory requirements. If necessary, organisations can edit and update the RoPA to ensure compliance with data protection regulations.
Conclusion
TrustWorks Processing Activities module provides organisations with a robust platform to manage and document data processing activities effectively. By maintaining a comprehensive overview of processing activities, organizations can achieve GDPR compliance, enhance data governance, and demonstrate their commitment to data protection.
Efficiently manage processing activities, approve, edit, or delete existing records, and leverage the AI-assistant feature for automated processing activity creation. With TrustWorks, organisations can ensure robust data privacy management and regulatory compliance.