Processing activities
A processing activity is a record that processes personal data. Examples of such records can be a business process or a business application of an organization that has personal information. Processing activities enable the privacy management teams to understand how personal information is being processed or used.
To manage the privacy programs, use any business process or business application that is available as inventory or records in the Configuration Management Database (CMDB) to create a processing activity record. Each business process or an application is a separate processing activity. After the privacy teams understand how personal data is being used, they can work with the business owners who own the processing activity and help them to be compliant with the necessary privacy regulations.
- Name and contact information of the data controller and the data processor.
- Regulatory details such as data sensitivity, scale of data processing and so on.
- The purpose for which a processing activity is processing personal data. For example, lawful basis, legal obligations, and so on.
- Categories of data subjects and categories of personal data being processed. Examples of data subjects are customers or employees.
- Recipients with whom personal data is shared. For example, vendors or third parties and internal systems.
- Third parties in other countries and international organizations that receive the personal data.
- Privacy regulations, policies, risks, controls, and issues related to each processing activity.
- Key stakeholders of the processing activity such as the entity owners and others who are involved in the processing activity.