Understanding Processing activity hierarchy

  • Freigeben Version: Australia
  • Aktualisiert 12. März 2026
  • 2 Minuten Lesedauer

    • Each processing activity involves multiple information objects classified as personal information. These objects exchange data with various other entities, making it essential to establish a data lineage or hierarchy that tracks where personal data is shared. This understanding helps mitigate privacy-related risks.

    Scenario to understand the importance of Hierarchy

    To understand why data lineage is important, consider the following example of data management in a Human Resources organization. Any HR organization contains information such as the following.
    • Employee records: These include personal details like names, addresses, phone numbers, and email addresses.
    • Prospective interview candidate records: Contains candidate names, interview dates, and times.
    The entities involved in this example could be:
    • Internal departments such as Talent acquisition, Recruiters, People Management teams.
    • External tools and applications to track time off, benefits, and so on.
    When a new candidate registers, their personal information is entered into the HR organization's database. This information is shared with the administrative staff for appointment scheduling. Data lineage helps track the flow and transformation of data through various processes. In this example, the following could be a workflow:
    1. Candidate registration:
      • A person registers on the careers portal and submits their resume.
      • The candidate's details such as name, email, phone number are entered into the applicant tracking system (ATS).
    2. Scheduling an interview:
      • The Talent Acquisition team selects the candidate for an interview and enters the interview date and time into the calendar application.
      • The calendar application sends an email to the candidate with the interview details.
    3. Conducting the interview:
      • The recruiters access the candidate’s profile on the ATS, review the resume, and conduct the interview.
      • Post-interview, they add their feedback to the candidate's ATS profile.
    4. Hiring process:
      • The candidate is selected for the position.
      • The candidate details are transferred from the ATS to the HR database, and additional information is collected and updated.
      • The HR database uses other external applications to create the candidate’s employee profile, including time-off records and benefits information.

    By establishing a data lineage, the HR organization can track where each piece of personal data originates, how it’s processed, and where it’s shared. Understanding the data flow helps identify potential privacy risks, such as unauthorized access or data breaches at any point where data is shared. By establishing the data lineage in this way, the HR organization can ensure that they’re aware of all points where personal data is exchanged. This understanding helps them implement appropriate safeguards to mitigate privacy-related risks.