GDPR Records of Processing Activities for Data Controllers

Bulletin of the Polytechnic Institute of Iași. Electrical Engineering, Power Engineering, Electronics Section Pub Date : 2021-12-01 DOI:10.2478/bipie-2021-0019

Cătălin Mironeanu, Cristian Aflori

{"title":"GDPR Records of Processing Activities for Data Controllers","authors":"Cătălin Mironeanu, Cristian Aflori","doi":"10.2478/bipie-2021-0019","DOIUrl":null,"url":null,"abstract":"Abstract Data controller organizations are required to keep an up-to-date and detailed list of their processing activities and be prepared to show that list to regulators upon request. This list should include at least the purposes of the processing, the target data and all the parties involved in handling that data. We present a solution for organizing all these information into both relational and non-relational document-oriented databases to facilitate such reports. A technical approach of auditing the implementation degree of the rules introduced by the EU GDPR will better prepare the data controllers in complying to this Regulation. We consider a top-down methodology for processing raw data addressing several types of organizations, with different organizational structures. For all these entities we focus on processes, activities, classes of documents collected and personal data. All these data constitute the basis of the “Records of processing activities” required by the Regulation.","PeriodicalId":330949,"journal":{"name":"Bulletin of the Polytechnic Institute of Iași. Electrical Engineering, Power Engineering, Electronics Section","volume":"30 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Bulletin of the Polytechnic Institute of Iași. Electrical Engineering, Power Engineering, Electronics Section","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.2478/bipie-2021-0019","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Abstract Data controller organizations are required to keep an up-to-date and detailed list of their processing activities and be prepared to show that list to regulators upon request. This list should include at least the purposes of the processing, the target data and all the parties involved in handling that data. We present a solution for organizing all these information into both relational and non-relational document-oriented databases to facilitate such reports. A technical approach of auditing the implementation degree of the rules introduced by the EU GDPR will better prepare the data controllers in complying to this Regulation. We consider a top-down methodology for processing raw data addressing several types of organizations, with different organizational structures. For all these entities we focus on processes, activities, classes of documents collected and personal data. All these data constitute the basis of the “Records of processing activities” required by the Regulation.

查看原文本刊更多论文

GDPR数据控制者处理活动记录

数据控制者组织需要保持其处理活动的最新和详细的列表，并准备在要求时向监管机构展示该列表。该清单应至少包括处理的目的、目标数据和处理该数据所涉及的所有各方。我们提出了一种解决方案，将所有这些信息组织到面向关系和面向非关系文档的数据库中，以促进此类报告。审计欧盟GDPR引入的规则实施程度的技术方法将更好地为数据控制者遵守该法规做好准备。我们考虑了一种自上而下的方法，用于处理具有不同组织结构的几种类型的组织的原始数据。对于所有这些实体，我们重点关注流程、活动、收集的文件类别和个人数据。所有这些数据构成了法规所要求的“加工活动记录”的基础。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Bulletin of the Polytechnic Institute of Iași. Electrical Engineering, Power Engineering, Electronics Section

自引率

0.00%

发文量