Since 25 May 2018, the General Data Protection Regulation has been in force. One difference from the previous law is the processing of personal data and the privacy involved. As a result, processing personal data can be challenging for companies. A processing register gives organisations insight into which personal data are being processed. It also shows why these personal data are processed, where they are processed and whether a processing agreement is in place.
When the Personal Data Authority comes to inspect, you should always be able to justify yourself as an organisation. Incorrectly processing personal data can be seen as a violation of the privacy of the person to whom the data belongs. Working with a well-maintained processing register prevents incorrect processing of personal data, and thus possible fines.
There must always be a legitimate reason to process personal data in a processing register. Personal data may only be processed when the person in question has given his or her own consent. In addition, at least one of the following bases must be in force to be allowed to process personal data.
The processing of data is necessary to…
If you are a controller of personal data, under the GDPR you must include the following information in your register:
Is your organisation a processor of information because you work with personal data on behalf of others? Then you only need to state name and contact details, processing operations, international transfers outside the EU and security in your processing register.
Because it is important to handle all stored information accurately, it is smart to work with software that specialises in secure document storage. After all, you don't want to imagine all your privacy-sensitive personal data accidentally ending up on the street due to a data breach, right?
This means that the software you work with should help you prevent data breaches, for example through document encryption.
In addition, the software itself must also comply with the GDPR. By this we mean that it is important, for example, that personal data is not sent to servers in the United States. The privacy laws there are very different from those in the EU, which means that software that does send this data does not comply with the GDPR.
It also helps greatly if correct document management is applied. After all, the moment the Personal Data Authority knocks on your door for an explanation, you want to be able to produce the most accurate and latest version of documents quickly and without doubt. This saves you time and worries, and avoids the risk of fines.