The GDPR requires the HWR Berlin, as the controller of personal data, to maintain a processing directory. This is a written documentation of the processing activities in which personal data are processed. Before starting a new processing activity, a corresponding entry must be made in the processing directory.
This “Directory of Processing Activities” (Article 30 DSGVO or §56 BlnDSG) must list all essential data processing information. Among others, these are:
- Types and categories of data
- Circle of data subjects
- Purpose of the processing
- Risks of the processing
- Technical and organizational measures taken
The respective HWR specialist managers are responsible for documenting the processing activities that take place at their company and for regularly checking that the documentation is up to date. The overall register of processing activities is maintained centrally by means of software in IT.
A web application is available for the decentralized recording of processing activities. The application guides the user through the collection process via a workflow. A completion aid is available for each data field.