The GDPR requires a record of processing activities that includes all processing activities of a legal entity as well as a minimum set of details. The requirements for the record of processing activities can vary from country to country.
For this purpose ARIS Accelerators for GDPR offers the Record of processing activities report. This report uses information from ARIS object attributes. Additionally, the Survey Management of ARIS Risk & Compliance Manager is used to gather report-specific information for each processing activity. ARIS Risk & Compliance Manager ensures the segregation of duties principle and offers an audit trail of any changes. For detailed information on this report, refer to Generate required internal and external reports.
Use the Processing Activity Documentation questionnaire to describe identified processing activities. This questionnaire template is a generic questionnaire template that can be customized.
The regulatory description is created with Survey Management of ARIS Risk & Compliance Manager. For each processing activity, you must perform two steps: