Process Landscape for Overview
To build my DSMS, I created an overview of the processes, documents and data flows of my business.
The DSMS contains all relevant processes, data flows and documents in a map so that questions can be answered quickly in the event of an enquiry by the data protection supervisory authority.
The process landscape is the basis for this. All necessary information is linked.
Documentation
The upper area represents the documentation level. The following documents are linked here:
- data protection guideline
- data protection guideline
- privacy statement
- processing directory
Tasks of my Data Protection Officer
This is followed by the relevant tasks of my data protection officer.
The data breakdown reporting process is very important here. This is linked in the landscape. It can therefore be "navigated through" and viewed.
IT, Compliance with Data Protection, Rights of Data Sufferer
The following is an overview of the used IT, the processes for compliance with data protection and the rights of data sufferers.
I have listed all relevant IT "systems" according to data person-related processing. These are linked to corresponding processing processes.
These processes describe how I comply with data protection. Data models are also linked. These data models show the entities used with the corresponding attributes. So I can see exactly which data is used in which processing.
TOM's and Security Package
In the "TOM's and Security Package", all information is summarized in a whiteboard and displayed in columns, sorted according to topics such as data security, data deletion, etc. This gives me an overview of the measures I have implemented that are relevant to my business.
Conclusion
Through this construct I have created a tool that contains all necessary information centrally and makes it available quickly.
ARIS model
