Processing activites are events which an organisation undertakes to fulfil its objectives, where personal data is processed, data protection teams are keen to understand and identify any risks. Understanding how personal data is used within your organisation is often the starting point of determining where risks lie and how to manage them.
It is sensible to break down activities into multiple activities if doing so will identify how data is used differently, for example payroll activities can probably be broken down into, recording sickness and absence, preparing a payroll file and issuing the payroll file for payment. You will find by doing this you will more easily be able to identify and understand how data is used in different ways, for example if it is shared with multiple third parties.
These different activities will identify different potential risks, for example recording sickness is likely to process sensitive data whilst issuing pension information for payment may share data with an outsourced data processor.
How can ProvePrivacy Help?
ProvePrivacy starts with helping to define activities within the Record of Processing Activities (RoPA). These can be separated by subsidiaries and by department and allows you to assess each of these for potential risks at your own pace and to your own plan.
