Legal Direct

GDPR: Is your company also required to create a processing register?

2021/01/20
Deel deze blog:

Creating a processing register is a standard part of our GDPR package." So, is this mandatory for every company?

Well, it depends."

Firstly, to ensure your company's GDPR compliance, you need to understand the personal data you hold and process, and how it is stored." Personal data includes e.g. first and last name, address, email address (info@bedrijf.be is not personal data, sofie.janssen@bedrijf.be is), IP address, ....

This includes not only your company's customers, but also your suppliers or network. Next, consider where you keep this data and why, how you ask for consent and guarantee the rights of data subjects.

In a register of processing activities, you can then make a clear overview of all activities in which you process personal data, e.g. the names you process for your customer management or personnel administration, data you receive through cookies you place on the website, through the social media you use, ...

Regardless, the processing register is a useful tool

Thus, the processing register is a useful tool anyway, but not mandatory for everyone: only if your data processing goes beyond 'occasional' and becomes regular (and this is already the case, for example, if you regularly send out a newsletter or maintain a customer list to send them a gift with their birthday), if your company has more than 250 employees, if there is the processing of special categories of data (e.g. ethnicity, political views or medical data) or if the processing of the data poses a risk to the rights and freedoms of data subjects (e.g., if the processing poses a risk of identity theft).

In other words, almost every company needs a processing register, since almost every company has regular processing of certain personal data (customer list, delivery list, social media, etc.).

Hence, our GDPR package includes a processing register for this reason:

  1. It maps out what data the company processes (and you need to have a view of that!).
  2. It is a working tool to regularly check that everything is still up to date.
  3. If you should get audited, you have all the info at hand.
  4. It's the basis for providing your disclaimer and cookie policy on the website, drafting a solid privacy statement, and updating other documents, such as terms and conditions, as needed.

So, on the one hand, it is a basis for checking what you still need to put in order; on the other hand, it provides a convenient overview of the personal data your company processes. Moreover, 'processing in a regular manner' is interpreted so broadly that for most companies a register is mandatory anyway.

Time to get started!

#GDPR #LegalDirect #Libra #processing register

LegalDirect

Martelarenlaan 32
3010 Leuven
België

Werkhuizenstraat 19
1080 Brussel
België

  • © Copyright 2024 by LegalDirect. All Rights reserved