Article 30 of The GDPR contains explicit provisions about documenting your processing activities. You must maintain records on several things such as processing purposes, data sharing and retention.
GDPR Mentor enables you to record all of this information in a structured, simple, auditable and logical manner.
APIs are also available to integrate with other systems such as SalesForce, ServiceNow or any source with an API.
Departments and Roles
Configure the Departments and Roles that are within your organisation.
Departments are used to allocate processes too, enabling you to run reports showing all processes owned by a particular department.
Roles are used to assign process owners, and also in data processing activities, to record who is creating, reading, updating, deleting, printing, sending or receiving data.
Data Types and Attributes
What types of data are you using within your organisation.
Data Entities such as Employee, Customer, Patient, Pupil etc. are the types of people that you process data for.
Data Attributes such as First Name, Address, Religion, Medical Conditions etc. are recorded to help identify what Sensitive Personal Data you process within your processes.
What Companies are you interacting with within your organisation.
Companies are required to record where you get data from and who you send it to.
Companies can also own Systems and Physical Storage Locations that you use to store your data. During the Assess stage you will be taken through an assessment of each Company
What Physical Storage locations do you use.
GDPR covers paper records therefore you will need to understand where these records are kept.
These storage locations, possibly owned by a third party (e.g. off-site archive), will be located in a Country and contain security measures.
Systems, Electronic Documents and Paper Files
What Systems are you using within your organisation.
Systems are used to store and process data. These can be formal software solutions, spreadsheets, documents, paper and even integration tools that automate the transferring of data.
Each system will undergo a Technical Assessment to assess whether or not the system is fit for managing the data contained within.