RoPA | Data Mapping

AUTOMATED AND VISUAL MAP OF YOUR COMPANY'S DATA

Keep the control over all your processing activities and manage the data your company deals with visually. Let us show you how:

book a demo

Have a global vision of your company's data

Automate the process of creating your data map and assists you with the registration of your data processes 

Assisted process

Generate a record of all your data processing activities with one-click. Easy to keep up to date.

Visual map 100% updated

Visually and concisely identify the data your company deals with in real time

Automatically generated

Based on previously identified processing activities

Manage record of processing activities (RoPA)

Pridatect assists you with the registration of your data processes

  • With our software, you will receive a recommended list of the most common processing activities.
  • Manage data workflows in which you know exactly what information to enter and where.
  • The assisted record of processing activities is easy to update and with one click it is ready in a report.
  • Automated processing reports available for submission to authorities and management.

Data mapping with Pridatect

Automatic data map generator

  • Simplifies and automates the process of creating 100% real-time maps of your company's data flows
  • Detailed and visual identification of the data your organisation processes, who is responsible and how it is transferred internally or externally
  • Automated data mapping based on the processing activities you have previously identified.
  • Helps you to minimize the risks of non-compliance and to comply with all the privacy requirements.
  • Easy to export and print
With Pridatect as our partner for data protection, we feel we are in very good hands. In addition to the platform, we are particularly impressed by Pridatect's personal and human approach. We can approach our contact person with any questions and always get quick answers.
Pernille Grav
Pernille GravTalent Manager at Zahnarzt-Helden
The slogan of Gorillas is “Faster than you”. And sometimes that is actually the case. That is why we have to be careful that our compliance efforts and our efforts to establish, build and ensure data protection grow with the company and that we keep pace with the growth.
Marc Hansell
Marc HansellHead of Legal at Gorillas
10-Minute Online Delivery

FAQs

To keep a register of processing activities is a new corporate responsibility, set out in Article 30 of GDPR, which implies a clear and complete overview of all processing activities taking place within an organisation, and their consequent documentation. This process will require proactive collaboration by organisations.

 

Data controllers shall be responsible for keeping up-to-date records of all processing activities taking place within the organisation.

The records shall contain the following information:

 

  • The name and contact details of the controller and, where appropriate, of the processor;
  • The purposes of the processing;
  • A description of the categories of data subjects and of the categories of personal data;
  • The categories of recipient to whom the personal data have been or will be sent, including recipients in third countries or international organisations;
  • Transfers of personal data to a third country or international organisation, including documentation of appropriate safeguards;
    time limits for the deletion of different categories of data;
  • Time limits for the deletion of different categories of data;
  • An overview of the technical and organisational measures implemented.

According to GDPR, it is not compulsory when the company has less than 250 workers.

However, there are some exceptions. If an enterprise has fewer than 250 employees, it is always mandatory, no matter how many employees, to keep a record of processing activities, if the data processed:

  • Is likely to present a risk to the rights and freedoms of the data subjects
  • Is related to convictions and criminal offences
  • On a non-occasional basis, includes special categories of personal data (indicated in article 9 of GDPR)
  • Racial or ethnic origin
  • Political opinion
  • Religious or philosophical beliefs
  • Union membership
  • Processing of genetic data
  • Biometric data aimed at uniquely identifying a natural person
  • Data concerning health or data concerning the sexual life or sexual orientations of a natural person

The record of processing activities must always be in electronic format. However, it is also valid in written format & must always be up to date.

The record will provide an overview of all data processing activities within the organisation and therefore allow organisations to control what type of data categories are being processed, by whom (which departments or business units) and for what underlying purposes. This knowledge will allow organisations to make internal connections, join efforts or projects with the same or equivalent objectives and/or challenges and result in greater control over data processing activities. This will provide insight into risks and necessary mitigation actions, and will inevitably empower organisations to do more – and in a well-ordered way – with the personal data available.

Any successful data protection program starts with understanding what kind of data a company collects, stores, processes, shares and disposes of.

 

Having a visual element such as a data map allows you to have an overview of what data the company handles and whether it is transferred from one location to another either internally or externally.

In addition, the data visualisation will help employees to easily follow the personal data flows in the organisation and managers to have full control of all data. 

 

A data map visually shows the processing activities, i.e. the data that a company is processing, and to whom it is communicating (the recipients). 

These processing activities must be predefined in order to comply with the requirements of art. 30 of GDPR. This article indicates that each data controller must keep a record of the processing activities.

 
 

A comprehensive data flow map to help ensure GDPR compliance will show all the data that exists in the company and where it is moving in and out of the company. When data mapping for GDPR make sure to include the following:

 

  • What data is being handled, is it sensitive data or not?
  • Where is the data stored?
  • Where does the data go?

 

 

 
Contact us

Get started today

Discover how Pridatect can help you in taking control of your companies data protection

book a demo

Do you have any questions? Get in touch with our sales team.

☏ +44 7427 505253 | Monday to Friday from 8:00 to 17:00 GMT

pridatect-kit-digital
  • ©Copyright 2022 Pridatect SL
Linkedin