Modal
Menu

10.5 Extract relevant information and statistics about the recipient management by using the TPOmap Dashboard

10.5.1 Provide a clear status of your DPIA’s implementation status and the Risk analysis performed

The metrics that are important for the Module 4 – Recipient management are the following:

  • CPAs implementation status

This counter will display the number of Controller Processor Agreements already implemented with data processors out of the total number of CPAs needing to be implemented with all data processors.

Implementing CPAs with data processors and recording this information in the corresponding Processing sheets Chapter 9 – Data Recipients in the Cell – Transfer formality will raise this counter.

  • Joint controller implementation status

This counter will display the number of Joint Controller Agreements already implemented with joint data controller out of the total number of Joint Controller Agreements needing to be implemented with all joint data controllers. Implementing Joint Controller Agreements with joint data controllers and recording this information in the corresponding Processing sheets Chapter 9 – Data Recipients in the Cell – Transfer formality will raise this counter.

As a standard, these counters take count of ALL Processing sheets.

It is however possible, thanks to the “Scope” menu of the Dashboard, to take only count of:

  • The Records of a specific processing entity;
  • The Records of validated or not validated Processing sheets ;
  • The Records pertaining to one or more selected Processing sheets;
  • The Records pertaining to a specific area of activities of your organization;
  • The Records pertaining to processing activities that present a high level of risk;
  • The Records pertaining to one or several data subjects;

The Records pertaining to Processing sheets with a specific status.

For more information on how to use the “Scope” menu, please refer to Part 10.1.2.1.

10.5.2 Allow to easily select and download relevant information

By using the information displayed in this module, you will be able to:

  • Identify processing activities without contracts required for complying with art. 26 and 28 GDPR;
  • Provide lists of data processors and joint controllers and identify implementation status of contracts required for complying with art. 26 and 28 GDPR.

You can then prioritise your actions and make your processings safer by implementing art. 26 & 28 contracts accordingly. To access the information displayed in this module, please click on the “Recipient management” title button of TPOmap Dashboard, you will be led to a window providing you with an overview of all the informations about your CPA’s and Joint Controller Agreements documented in your GDPR Record.

Thanks to the overview list, you can see – for every recipients – the following information:

  • The processing entity and the processing sheet numbers where the data recipients is mentioned ;
  • The location of the recipient ;

If a contract is in place or not.

10.5.2.1 CPA & Joint Controller Agreement information

The Recipient contract management Dashboard page will allow you to have an overview of thedetails of the Implementation status of the applicable contract for each recipient.

By clicking left on any of the column’s name in the overview window, you can order the list by the corresponding category.

Example: List of recipients ordered by the location. In that case the recipient located outside of the EEA are listed before the other recipients.

If you want to have a more efficient view, it is possible to expand the overview window by using the fo cus mode.

Please refer to Part 10.2.2 for more information about the focus mode.

The left counter in the upper left windows will provide information on how many data processors have their CPAs already implemented and recorded out of the total number of CPA’s that still need to be implemented.

Example: In that case 3 data processors have their CPAs implemented and 5 others data processors required at least one CPA to be implemented.

The right counter in the upper left windows will provide information on how many joint data controllers have their Joint Controller Agreements already implemented and recorded out of the total number of Joint Controller Agreements that still need to be implemented.

Example: In that case 3 joint data controllers have their Joint Controller Agreements implemented and 1 other joint data controller required at least one Joint Controller Agreement to be implemented.

By clicking on the relevant parts of the pie charts in the left window, you will be able to filter the list of processings in the overview window by the implementation status of your choice.Example: List of data processor for which none CPA’s have been mentioned.

! Please note that only one filter can be applied at any time, by clicking on a new part of a pie chart, all previous filters will be cancelled to display the corresponding new one

Please click once on the currently selected filter to cancel it and view the complete list of recipient.

10.5.2.2 Recipients and contracts lists implementation

The four buttons in the bottom of the page will allow you to display respectively

  • A complete list of all data processors recorded in the GDPR Record processing sheets.
  • A complete list of all joint data controllers recorded in the GDPR Record processing sheets.
  • A complete list of all recipients outside of the EEA recorded in the GDPR Record processing sheets.
  • A complete list of all contracts to be implemented with the data processors and joint controllers with whom no contracts (transfer formality) has been fill-in in the processing sheets.

This information can be used to keep track of all the recipients with whom an appropriate contract has not been implemented yet and which processings would be covered by such contract. The implementation of contracts concerning high risk processings, a large number of processings and a data processor located outside the EEA would be advised to be made a priority.

Example: In that case, 5 contracts have not been implemented yet. The implementation of contracts with Amazon and Microsoft would be advised to be made a priority because they are both data processor located outside the EEA and they cover at least 5 processings each.

As in any overview window in TPOmap, each list can be ordered by any category by clicking left on the respective column name.