GDPR Data Compliance Use Case


Improving GDPR Data Compliance

What does an overview of the business processes involved in improving GDPR compliance look like?


For which processes (and supporting applications) do we have too little data insight yet?


Creating GDPR Registers

GDPR makes it an obligation for every company to carry out the following tasks:

  • Set up and maintain a register of data processing activities (DPA)
  • Carry out a data protection impact assessment (DPIA)
  • Set up and maintain a register of data leaks (DL)
  • Show proof that the person concerned has permitted the data processing, where permission is needed for processing
  • Appoint a person as Data Protection Officer or, if not, explain why

Two of the tasks are about setting up and maintaining a register for data processing activities and data leaks.

The data attributes to register

The following data attributes could be registered:

  • Data Processing activities
  • The reason for processing
  • Legal basis for processing
  • Documenting what is done
  • Involvements
  • Responsibilities
  • Accountabilities
  • Processed data
  • Data categories
  • Data Sources
  • Data Receiving Parties
  • 3rd Parties
  • Period of Data Retention
  • Data Processing Contracts
  • Data Processing Types
  • Information Systems and Software Applications that do the data processing
  • Necessity of Privacy Impact Assessment

Set up and Maintain a GDPR Register

It takes just six easy steps to set up and maintain a GDPR register.

  • 1: Edit the GDPR Data Template to your situation
  • 2: Enter the Data in the register
  • 3: Publish the Register to make it available for stakeholders
  • 4: Design the GDPR Register update and maintenance process
  • 5: Approve the process and appoint the concerned persons
  • 6: Set up GDPR Update and Maintenance Alerts.

Here is a screenshot of a GDPR Register set up and maintained on the Dragon1 platform.

Completeness of Reports

Based on a detailed GDPR Excel report on compliance with the rules, you can project the current state and its progress on your process and application landscapes.

To be effective, a General Data Protection Regulation (GDPR) overview should provide at least the following:

  • A common vocabulary
  • A list of business rules used
  • A set of systems and databases
  • Data objects and their sources
  • Process owners and data owners
  • Breaches of GDPR rules
  • Actions and measures to solve the breaches

By creating and generating GDPR landscapes and overviews, you ensure that your reports will be complete.

Four Best Practices

Four best practices we want to mention here for implementing GDPR are:

  • Prove that your data is always stored encrypted if possible (even if there is minimal performance loss).
  • Demonstrate that the location where your data (and backups) are stored (somewhere in a data center) is always known, for example, only in Europe.
  • Demonstrate that nobody (from outside the EU) can access your data without your explicit permission, not even the data center administrators or the consultants.
  • Prove that you have a master key for decrypting your data in a database and that no one who should not have this master key can know it.