DSGVO: Who needs to perform a processing directory?
The DSGVO is not formulated in all the points clearly. Some areas allow room for interpretation.
- According To Article 30, Para. 5 DSGVO must lead companies with less than 250 employees, is actually not processing the directory. However, this statement is limited by exceptions.
- You process personal data more than just "occasionally", you must lead such a list, even if the company has only a few employees. Which means "occasionally," exactly, is not executed in the Set, however.
- In addition, companies are obliged to Lead the list, when the data are particularly sensitive. This is, for example, in the case of health data or criminal convictions in the case. So, for example, Doctors or lawyers are concerned.
- A risk for the rights and freedoms of data subjects, the data, you must also have a processing directory. This circumstance is, for example, in the case of reviews and profile of the case findings.
- So you run about a supplier or customer database, or managing employee data committed to the data protection law you to Run a processing directory.
- You can therefore assume that the exemption from the documentation obligation will apply only very rarely.
- What is the General data protection regulation actually is, we declare by the way in detail in another practice tip.
DSGVO: processing directory (image: Pixabay)
Data protection: The need to include the DSGVO processing directory
In article 30 of the DSGVO is set, what are the minimum requirements for a processing directory.
- First of all, the directory must have the name and contact details of the person responsible.
- In addition, the purpose of the processing must be mentioned, and the categories of data subjects and the categories of personal data will be described.
- Also listed are the categories of recipients to whom the personal data are to be disclosed.
- In addition, the processing directory must be informed about the envisaged time limits for Erasure of the individual data categories.
- If possible, the Documentation requirement, a description of the organisational and technical measures that are used to collect the data.
- A template for the creation of the processing directory you will find, for example, the professional Association of data protection officers in Germany.
So you as a website operator know what you need to consider in our next practice tip with a DSGVO check list.
