GDPR Process - Data Audit

Data Audit

To protect personal data as envisaged by the GDPR, you first need to be fully aware of what personal data is captured, processed and stored by your organization, or by third-party organizations on your behalf.

To this end, you need to accurately identify and classify such data by modelling the processes currently in place in your organization.

Data Audit - How To

Step 1. Create an Organization

Log into the administrative interface using your username and password.

To create an organization, click on the suggestion displayed in the Registry Status Widget. Alternatively, go to "Audit->Your organizations->Add Organization". Then enter all details about your organization and save.

Add organization Acme Inc

Step 2. Associate a Business Process to your Organization

In general, you should insert each business process of your organization that is expected to manage personal data. In the edit page of your organization, click on the add (+) icon of the field "business processes". Then fill in all details about the business process.

Add Business Process Human Resources Process

Step 3. Associate a Processing Activity to each Business Process

In general, for each business process, you should insert each processing activity that is expected to manage personal data. Data processing activities always have a specific (lawful) goal and purpose. In the edit page of a business process, click on the add (+) icon of the field "processing activities". Then fill in all details about the processing activity.

In general, for each data processing activity you should specify:

  • Name: e.g., Contractualization
  • Scope of treatment: e.g., personnel management
  • Processing type: e.g., normal (special treatments may be dedicated to particular categories of data only)
  • Legal base: e.g., necessary for the execution of a contract (GDPR Art. 6(1)(b))

Add Processing Activity Contractualization

Step 4. Associate a Data Audit to each Processing Activity

You should insert the details about the data handled by each processing activity. In the edit page of a processing activity, click on the add (+) icon of the field "data audit". Then fill in all details about the data audit.

In general, for each data audit you should specify:

  • Name: e.g., identity documents of employees
  • Category: e.g., personally identifiable information
  • Inherent risk for the freedom and rights of individuals: e.g., medium

Add Data Audit Identity documents