It is very important for a company or organization to keep a processing register in the GDPR or AVG legislation.
All the different processing activities are included in this register.
Is a processing register mandatory?
The law was drafted in such a way that if your organization has fewer than 250 employees, there is in principle an exemption for maintaining a processing register, unless it concerns:
Processings that carry a risk
Or processing of special or criminal personal data
So even though we apply this in practice, it can be concluded that (almost) all companies or organizations are required to document the processing of personal data in a register because within an organization there is always structural and reciprocal processing with regard to customer, supplier or personnel data!
What is a processing register for?
For the legislator, the processing register is a means of demonstrating that your company or organization is indeed complying with its obligations. Here you can see which personal data are being processed, for what purpose, how they are stored and who can be the next processor.
The persons whose personal data you process also have the right to view, correct and / or delete their data if this is justified.
Processing register for my branch!
Since every company or organization applies its own policy, the processing register is different for everyone. You can safely find various examples on the internet that you can work with, but where the legislator will not achieve its goal. Control of companies and organizations is something that everyone is confronted with and here too the information requested will not be sufficient without a thorough knowledge of the privacy law.