Create inventories and describe assets

The documentation of processing activities and their relationships to processes, data, systems, as well as controller and processor entities is a key element of any GDPR project.

Prerequisites

Procedure

  1. Prepare the respective data objects, systems, processes, and organizational units. Use objects of the types Organizational unit, Cluster/data model, Application system type, and Function to model the elements in ARIS Architect.

  2. Create the necessary inventory models for the processing activities by using the Record of processing activities model type, for example, for each business segment or country.

  3. Specify the relevant GDPR attributes for the objects according to your specific requirements. To do so, use the following applications:

    • ARIS Architect

      Use ARIS Architect if the users are familiar with ARIS Architect. To use ARIS Architect for modeling, you need extensive knowledge of modeling conventions and ARIS Method, as well as the ARIS GDPR method enhancements. Processing activity inventory models (Record of processing activities model type) can be created only with ARIS Architect. For more information on modeling and managing ARIS objects and attributes, refer to ARIS online help, ARIS Method Help, and the GDPR Conventions for ARIS Accelerators manual.

    • ARIS

      Use ARIS if the users are unfamiliar with ARIS Architect and prefer simple tables and forms for modeling and information gathering. For detailed information on editing objects in ARIS, refer to ARIS online help (Which editing options are available?).

The relevant models, objects, and attributes for GDPR are available.