Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

When working with Privacy data protection, the purpose list is used as a starting point. From this one can tag data such as Affected parties, Sources (of personal data), Receivers (of personal data), Processing activities and Personal data processed for the purpose and more. See below for more explanation of the various data types

Purpose

Tab “Purpose”

The purpose list has a function that allows you to have up to three levels when there are complicated purpose structures. For many, it will be enough to have a flat list of a few purposes. Every purpose requires a person in charge. You can also tag Assets - i.e. which Assets the Purpose uses and whether they are Active or not. If a Purpose is no longer to be used, it should not be deleted, but deactivated by clicking on the "Selectable" button.

Tagging

  • Tagging on Process means that the Purpose will appear in the resource image for the process(es)

  • Tagging on Organization indicates where in the organization the purpose applies

  • Tagging on Role indicates which roles the purpose is relevant for

Roles

In this tab, fill in everything that the data controller(s) have been asked to do plus what competence is required to handle this purpose.

...

Processing

In this tab, all types of data are registered that relate to the processing of the data for the purpose. On Sources and Receivers you can select several.

Personal data

In this list, you can define which personal data you want, but to be used correctly in accordance with the GDPR legislation, you must have the two predefined categories: Personal data and Sensitive personal data - these are entered into the system. The personal data your business uses must be entered in this list

The data in this list is used by both the Integration Assets and Purposes lists.

Sources

To use Sources in the Purposes list, these must be predefined. Go to the menu and enter all sources from which you get personal data. It can be application forms, contracts, e-mails, surveys etc.

Receivers

In the same way as Sources, receivers of personal data must be registered in a separate list before they can be tagged in the Purposes list. Here you also have to choose whether they are within or outside the EU/EEA area and possibly which country.

...

Treatment protocol

A separate report is automatically generated based on the data built up in the Purpose list according to a template from the Norwegian Data Protection Authority. The menu can be found under Reports > Processing activities.

...