This is an example of a record of processing activities "Client database", taken from the PrivacyDocs demo. A similar report may be generated from PrivacyDocs using the 'Reports' function.
| Field | Value | Notes |
|---|---|---|
| Processing name | Client database | Short but descriptive internal name |
| Status | New | Record status |
| Responsible person | Mr. Salesman | Business responsible, typically leading the responsible department (for internal administration) |
| Last review | The date when the record was reviewed last time | |
| Responsible department | Sales | Department that owns the process (for internal administration) |
| Contact person | Mr. Salesman | |
| Last update | 2024-12-24 | Automatically calculated date of the latest record modification |
| Next review | ||
| Controller | My Company, LLC | Controller name |
| Recipients | Selected employees | Recipients of personal data processed in the activity |
| Retention | 7 years | Data retention periods and rules used to determine these retention periods |
| TIA(s) | Transfer Impact Assessment (TIA), recommended when personal data is exported outside the EU during the processing | |
| Security measures | Security measures applicable, or specific, to the processing | |
| JCA | The essence of the Joint Controllership Agreement to be made available to data subjects (GDPR Article 26 (2)) | |
| Joint controllers | Joint controllers for the activity, if any | |
| Purposes | Contract, Promotion | Purposes of processing to be achieved by the activity |
| Personal data | Personal data (categories) processed by the activity | |
| Legal basis | Service contract | Your company-specific legal basis used to legitimate the processing |
| Description | Description of the activity, understandable and made accessible to the data subjects | |
| Data subjects | Data subjects, whose data is processed in the activity | |
| Filing systems | Spreadsheets, paper files, databases, other systems where personal data is stored, shared, and made accessible by personal characteristics such as name, email, employee number, etc | |
| DPIA(s) | References to the DPIA conducted regarding this processing activity | |
| Review schedule | Annually | Review schedule in days past last review |
| Risks | Risk criteria for the processing; with two or more criteria you need to conduct a DPIA | |
| Rights | Rights de-facto provided to individuals on this activity | |
| Source of data | The origin from which personal data is obtained | |
| Processors | Processors involved in the activity | |
| Contractual | Yes, client | Is that a statutory or contractual requirement to the data subject? |
| Notes | Purchasing contract? | Notes by the privacy team |
| Transfers | Transfers of personal data outside the EU in the course of the activity |
This record is made to demonstrate how it may look like on PrivacyDocs and to inspire you. It should not be copied into your regiater of personal data processing activities, and not perceived as any kind of recommendation or advise.