As an organisation you must be able to demonstrate your compliance with the GDPR. One of its general obligations is to maintain a record of your data processing activities (article 30). This record should contain information about all the ways you store and use personal data within your organisation. Our Inventory module helps you to create a clear overview of this which can be easily searched through and filtered.
Privacy Nexus uses the unique approach of splitting your record of data processing activities into Systems and Processings. This way, you get a complete picture of how the data is stored (where is it located, what kind of security measures are in place), and all the ways in which it is used. Data is often stored once but used for multiple purposes, some of which will be riskier than others. The connection between Systems and Processings gives your organisation a better insight into these risks.
For each System and each Processing you are asked to fill out a questionnaire. These are clear surveys utilising close-ended questions. We have left out legal jargon where possible, so it’s easier to understand the questions for everyone.
Data-items can be selected per System or Processing. To make this easier for you, we’ve made a list of over 150 data-items to choose from, all categorised and searchable. This level of detail allows you to easily pinpoint Systems and Processing containing sensitive or risky data.
We have made ready-to-use templates for popular Systems and Processings where we suggest the personal data-items that are stored or processed. By using a template you save time and you get some help to make sure the list of data-items you select is indeed complete.