Data Processing Questions
Firstly, do you offer a European Representative service? If yes, can you send me details of that please?
Secondly, I would like to clarify what is required on a Data Processor’s ‘Record of processing Activities’ form? I've been told by a few sources now that I have to include every client we provide processing services to, with Company Name, contact name, contact email and phone No… is this correct? We have thousands of customers!
If I must do that, then so be it, I will do it, I would just like to confidently confirm this is what I must do.
Assign topic to the user
Regarding the Records of Processing Activities (ROPA), we have a template in our EU GDPR Toolkit that you purchased, you just fill in there details related to processing operations. For example, if you offer SaaS services, you just need to fill in exactly the processing operations that are part of the services offered, without mentioning all the customers. The role of the ROPA is to have a view related to all the processing operations in the organization, done for the Controller role or for the Processor role. Third parties need to be mentioned explicitly only when they perform different processing operations as suppliers (such as externalized backup services, or hosting services).
For more details please consult these resources:
- Article 30 – Records of processing activities: https://advisera.com/eugdpracademy/gdpr/records-of-processing-activities/
- Understanding 6 key GDPR principles: https://advisera.com/eugdpracademy/knowledgebase/understanding-6-key-gdpr-principles/
- Inventory of Processing Activities: https://advisera.com/eugdpracademy/documentation/inventory-of-processing-activities/
Comment as guest or Sign in
Sep 01, 2022