Create inventories and describe assets

The documentation of processing activities and their relationships to processes, data, systems, as well as controller and processor entities is a key element of any GDPR project.

Prerequisites

Procedure

  1. Prepare the respective data objects, systems, processes, and organizational units. Use objects of the types Organizational unit, Cluster/data model, Application system type, and Function to model the elements in ARIS Architect.
  2. Create the necessary inventory models for the processing activities by using the Record of processing activities model type, for example, for each business segment or country.
  3. Specify the relevant GDPR attributes for the objects according to your specific requirements. To do so, use the following applications:

The relevant models, objects, and attributes for GDPR are available.