2.4 Maintenance
Since data protection compliance is an ongoing process, the record of processing activities needs to be maintained and kept up to date.
In order to support this process, TPOmap proposes the following features:
2.4.1 Set-up of specific folders for official, not official and archived processing sheets
Records of processing sheets should be reviewed with an organisation’s Data Protection Officer or Data Protection Manager (see below) at a frequency stipulated in the organisation’s Privacy Management Policy but at least once per year.
To structure these (annual) reviews, the TPOmap Documentation Depository allows Data Business Owners to create new processing sheets between two annual reviews and to store them in a dedicated folder called “not official”.
In such a way, the documentation to be reviewed during the (annual) review can be prepared in advance and the review process will be more efficient.
Once the review is finished, the definitive processing sheets will be moved into the “Official” folder, while the outdated sheets will be transferred to the “Archive”. For a detailed explanation of the different folders revert to the Part 5 of this Guide.
2.4.2 Possibility to create “not official” Processing sheets as part of a Privacy by design process
In order to support an organisation’s Privacy by design process, it is possible to use the processing sheet template as a starting point.
Staff members may be requested to complete and submit it to the DPO/DPM for validation before the processing starts.
2.4.3 Possibility to store information about trainings, incidents or requests
The TPOmap Documentation Depository may as well be used to store information about specific events, such as:
- security incidents,
- data breaches,
- requests from data protection authorities
- requests from data subjects and
- trainings.