The documentation of processing activities and their relationships to processes, data, systems, as well as controller and processor entities is a key element of any GDPR project.
Prerequisites
You have the required license privileges and function privileges to use ARIS Architect or ARIS. For detailed information, refer to the ARIS Administration online help and the ARIS Architect online help.
The ARIS GDPR method enhancement filter is imported. For detailed information, refer to the ARIS Accelerators for GDPR Installation Guide.
Procedure
Prepare the respective data objects, systems, processes, and organizational units. Use objects of the types Organizational unit, Cluster/data model, Application system type, and Function to model the elements in ARIS Architect.
Create the necessary inventory models for the processing activities by using the Record of processing activities model type, for example, for each business segment or country.
Specify the relevant GDPR attributes for the objects according to your specific requirements. To do so, use the following applications:
ARIS Architect
Use ARIS Architect if the users are familiar with ARIS Architect. To use ARIS Architect for modeling, you need extensive knowledge of modeling conventions and ARIS Method, as well as the ARIS GDPR method enhancements. Processing activity inventory models (Record of processing activities model type) can be created only with ARIS Architect. For more information on modeling and managing ARIS objects and attributes, refer to ARIS online help, ARIS Method Help, and the GDPR Conventions for ARIS Accelerators manual.
ARIS
Use ARIS if the users are unfamiliar with ARIS Architect and prefer simple tables and forms for modeling and information gathering. For detailed information on editing objects in ARIS, refer to ARIS online help (Which editing options are available?).
The relevant models, objects, and attributes for GDPR are available.