
Data Protection Management

The Data Protection Management module supports you in implementing the EU General Data Protection Regulation (GDPR) and other data protection requirements.

Overview

The Data Protection Management module offers the following core functions:

📋 Scopes

Definition of the scope for data protection activities – analogous to scopes in other modules (ISMS, BCM).

📝 Record of Processing Activities (RoPA)

Central documentation of all processing activities in accordance with Art. 30 GDPR. The following are recorded:

  • Purpose of processing
  • Categories of data subjects and personal data
  • Recipients
  • Third-country transfers
  • Retention periods
  • Technical and Organizational Measures (TOMs)

📊 Threshold Analysis

Assessment of processing activities based on defined criteria to determine whether a Data Protection Impact Assessment (DPIA) is required.

🔍 Data Protection Impact Assessment (DPIA)

Systematic assessment of high-risk processing operations in accordance with Art. 35 GDPR. The following are documented:

  • Risk description
  • Necessity and proportionality
  • Risks to the rights and freedoms of data subjects
  • Remedial measures

🗑️ Deletion Concepts

Planning and documentation of retention periods and deletion routines for personal data in accordance with Art. 17 GDPR.

🤝 Processors

Management of data processors (Art. 28 GDPR) including contract status and compliance monitoring.

Workflow

The typical workflow in Data Protection Management:

  1. Define scope → Specify which parts of your organization are covered
  2. Create RoPA → Document all processing activities
  3. Threshold analysis → Assess whether a DPIA is required
  4. Conduct DPIA → Detailed impact assessment for high-risk processing
  5. Deletion concepts → Define retention periods and deletion processes
  6. Processors → Manage external service providers and their contracts

Integration with Other Modules

Data Protection Management is closely integrated with:

  • My Organisation → Persons, processes, and assets are referenced in the RoPA
  • Findings & Actions → Actions derived from DPIAs or audits
  • ISMS → Technical and Organizational Measures (TOMs) from ISO 27001
  • Document Management → Contracts, policies, privacy notices

The module's requirements and templates are primarily based on the following legal and regulatory sources:

  • EU GDPR (Regulation (EU) 2016/679)
  • BDSG (German Federal Data Protection Act)
  • Guidelines of the German Data Protection Conference (DSK)
  • Recommendations of the EDPB (European Data Protection Board)

Getting Started

  1. Define a scope for your data protection activities
  2. Create initial entries in the Record of Processing Activities
  3. Carry out a threshold analysis for new processing activities
  4. If required: Document processors and their contracts

Views

Screenshots of the following views are shown in this section:

  • Data Protection Management Overview
  • RoPA Form
  • RoPA with Data
  • Threshold Analysis
  • DPIA
  • Deletion Concepts
  • Processors