One of the requirements of the GDPR is to know which personal data you are collecting, processing and sharing in your organisation. To do that, you have to create a Processing Index, and you can use our GDPR Tool for that.
1. Principles of GDPR
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimisation
- Storage limitation
- Integrity and confidentiality
2. Processing Index
We help you create this with many examples.
- What personal data do you process?
- Who are the affected persons?
- How long do you store the data?
- Who are recipients of your data?
- How do you protect that data?
3. Privacy Statement
Explain to your visitors and clients:
- what personal data you process
- what data you transfer to 3rd parties
- how long you store it
- how they can contact you
4. Processor Contracts
If you transfer data to 3rd parties, you have to make contracts to ensure the processors are also GDPR compliant. Contracts have to include:
- what personal data you are processing
- if there are recipients
- how the processor is compliant
- what are the technical and organisational measures
5. DPIA / DPO
Determine the need for:
- Data Protection Impact Assessment: is there a high risk to the freedom and rights of natural persons?
- Data Protection Officer: do you process personal data on a large scale, or sensitive data?
6. Rights of EU Citizens
Right to ...
- be informed
- get access
- get the data corrected
- cancellation ("right to be forgotten")
- restriction of processing
- data portability
Processing index with GDPR Tool
To add or edit your processing activities, recipients, and technical and organisational measures (TOM), you need to have an active subscription to the service.
When your subscription has expired, you can still download the PDFs that you have created.
Want to know more:
overview of subscriptions