¶ Create or Edit a Processing activity
In this page, you may create or update a Processing Activity.
¶ Context
In SENTINEL, the information related to each of your Processing Activities is arranged into 9 discreet data groups, or tabs:
- PA identity and basic data: In this tab you can enter basic information that characterises the activity.
- Processing purpose: Describe the purpose and lawful basis for the processing of personal data
- Data subjects: Define which natural persons are subject to personal data processing in this Activity and identify vulnerable or sensitive subjects
- Data: Define what type(s) of data are handled within the context of this Processing Activity and identity sensitive data
- Recipients: Define the recipients of the data in this Activity - post processing
- Risks: Identify additional criteria that increase the processing risk for subjects/individuals
- GDPR compliance: Describe how consent, rights and personal data lifecycle are managed. Please note that this information is optional / not required, to complete and save your PA, and only considered by the GDPR Compliance Self-Assessment tool (GDPRCSA).
- Assets: Associate cyber assets with this Processing Activity, either by linking existing ones from your asset inventory or by creating new ones. This PA-specific cyber assets input is optional / not required, to complete and save your PA, and only considered by the cybersecurity risk assessment tool (CSRA).
- Measures: Identify organisational and technical measures taken to increase the privacy and cybersecurity of this Processing Activity, for the protection of personal data. Please note that this information is (a) pertaining to this specific PA, not the organisation as a whole; (b) optional / not required, to complete and save your PA; and (c) required / used only to keep track of the implementation status (policy enforcement monitoring) of the OTMs applied in this PA, not for assessments or recommendations. If you are just beginning to use SENTINEL, we recommend that you browse through the ten (10) PA-specific OTM categories in this section to get a better understanding of the OTM structure and individual measures that might be recommended at every risk level, but you don't have to declare their implementation status for this PA, one-by-one, which could be a time-consuming process. You may complete this task at a later stage, after having reviewed you tailored recommendations.
¶ Procedure
- Click "Data Protection"/"Processing Activities" tab in the Main Menu
- In the Processing Activities screen click on the Add button, or select a specific PA and click on the pencil button
- In each tab, enter the information requested. You can browse through tabs clicking on Next or Previous buttons or go directly to a specific tab using the index on the left.
- At any point you can save the PA as a draft and continue later.
- By clicking on "Load from template" you can choose from a pre-filled processing activity
- Once ready, you can go to Step 9 (Assets) and click Submit.
- By clicking on the "pencil" icon you can edit a processing activity
- By clicking the "garbage" icon you can delete a processing activity
¶ Prerequisites
(Required) Create Organization Profile