The best software for quality and risk management.

Since 25 May 2018, the General Data Protection Regulation has been in force. One difference from the previous law concerns the processing of personal data and the privacy involved. As a result, processing personal data can be challenging for companies. A processing register gives organisations insight into which personal data are being processed. A processing register also shows why these personal data are processed, where they are processed and whether a processing agreement is in place.

When the personal data authority comes to inspect, you should always be able to justify yourself as an organisation. Incorrectly processing personal data can be seen as a violation of the privacy of the person to whom the data belongs. Working with a well-maintained processing register prevents incorrect processing of personal data, and thus possible fines.

The processing register 

There must always be a legitimate reason to process personal data in a processing register. Personal data may only be processed when the person in question has given his or her own consent. In addition, at least one of the following bases must be in force to be allowed to process personal data.

The processing of data is necessary to…

  • Comply with the rules around mandatory processing of personal data;
  • Consider the processing of personal data by the tax authorities.
  • Execute an agreement;
  • Protect vital interests;
  • Perform a task of public interest or public authority;
  • Pursue legitimate interests.

What does a processing register contain?

If you are a controller of personal data, under the GDPR you must include the following information in your register:

  1. Name and contact details
    1. Of your organisation, or your organisation’s representative;
    2. Of other organisations with whom you have established common goals, or with whom you jointly process data;
    3. Of the appointed data protection officer within your organisation;
    4. Of the international organisations with whom you share personal data.
  2. Purposes
    1. It should always be clear why you are processing personal data. This could be for recruitment and selection, but also for product delivery or marketing activities.
  3. Involved parties
    1. Name the categories of people whose data are being processed. These could be customers, patients or clients, but also consider hired external employees.
  4. Personal information
    1. Name what kind of personal data you process. For example, social security numbers, name and address details, telephone numbers and e-mail addresses, visual material (photos, videos) and/or IP addresses.
  5. Retention periods
    1. It should be clear when you will delete data.
  6. Recipients
    1. To whom do you provide personal data? Also divide these recipients into categories.
  7. Outside the EU
    1. If you share personal data with countries or international organisations outside the EU, this should also be described. This is important to keep in mind because different laws apply outside the EU, which treat personal data differently.
  8. Security
    1. Name the ways in which your organisation ensures that the personal data you process is processed securely. These can be technical or organisational measures.

Is your organisation a processor of information because you work with personal data on behalf of others? Then you only need to state name and contact details, processing operations, international transfer, outside the EU and security in your processing register.

The convenience and advantage of working with specialised software

Because it is important to handle all stored information accurately, it is smart to work with software that specialises in secure document storage. After all, you don’t want to imagine all your privacy-sensitive personal data accidentally ending up on the street because of a data breach, right?

This means that the software you work with should help you prevent data breaches, for example through document encryption.

In addition, the software itself must also comply with the GDPR. By this we mean that it is important, for example, that personal data is not sent to servers in the United States. The privacy laws there are very different from those in the EU, which means that software that does send this data does not comply with the GDPR.

It also helps if correct document management is applied. After all, the moment the Personal Data Authority knocks on your door for an explanation, you want to be able to produce the most accurate and latest version of documents quickly and without doubt. This saves you time and worries, and avoids the risk of fines.

Want to learn more about Zenya?

Request the brochure to have all information conveniently at hand.


Free demo available

Want to see what Zenya can do for your organisation? Request a free demo.
