Published Online: Sep 22, 2022
Page range: 9 - 24
Received: Dec 10, 2021
Accepted: Dec 28, 2021
DOI: https://doi.org/10.2478/bipie-2021-0019
Keywords
© 2021 Cătălin Mironeanu et al., published by Sciendo
This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Data controller organizations are required to keep an up-to-date and detailed list of their processing activities and be prepared to show that list to regulators upon request. This list should include at least the purposes of the processing, the target data and all the parties involved in handling that data. We present a solution for organizing all these information into both relational and non-relational document-oriented databases to facilitate such reports. A technical approach of auditing the implementation degree of the rules introduced by the EU GDPR will better prepare the data controllers in complying to this Regulation. We consider a top-down methodology for processing raw data addressing several types of organizations, with different organizational structures. For all these entities we focus on processes, activities, classes of documents collected and personal data. All these data constitute the basis of the “Records of processing activities” required by the Regulation.