An activity is a process, or part of a process which your organisation undertakes to fulfil its objectives, where an activity processes personal data this should be for a legitimate purpose.
Understanding how personal data is used within your organisation is often the starting point of determining where risks lie and how to manage them. ProvePrivacy starts with defining the activities which take place in each department and allows you to assess each of these for potential risks at your own pace and to your own plan.
It is sensible to break down activities into multiple activities if doing so will identify how data is used differently, for example payroll activities can probably be broken down into, recording sickness and absence, preparing a payroll file and issuing the payroll file for payment.
These different activities will identify different potential risks, for example recording sickness is likely to process sensitive data whilst issuing for payment may share data with an outsourced data processor.