Privacy - Set up a processing register
According to the General Data Protection Regulation, all organizations and associations within the European Union are required to keep a processing register. This register contains information regarding the personal data that are being processed by the association.
In the Organization, the processing register can be easily set up and exported. To do this, go to ‘Privacy’ in the Organization tree.
A processing register contains three elements: officers, data subjects and processors.
- An officer is a ‘Data Protection Officer’ (DPO). The DPO supervises the application of and compliance with the GDPR.
- Data subjects include categories of persons of which personal data is being processed, e.g. ‘Applications’ or ‘Members’.
- Processors are other companies that process information for your association, such as Genkgo.
Adding elements
Officers
Click on ‘Add’ in the toolbar and choose ‘Officer’. Type in the name of the DPO. This has to be a person in the Organization. A list of several suggestions appears. Select the correct person. The begin date and end date are optional, but it may be convenient to fill in these dates if the DPO is a different board member each year. It is possible to add former, current and future officers. Click ‘Save’ to confirm.
Data subjects
Click on ‘Add’ in the toolbar and choose ‘Data subject’. Type in the name of a folder in the Organization, e.g. ‘Members’. A list of several suggestions appears. Select the correct folder. Next, fill in the begin date and optionally the end date. Behind ‘Basis for processing’, fill in the basis on which personal data of these data subjects is being processed. Behind ‘Purpose’, fill in the purpose of processing information of these data subjects, e.g. mailings, collecting fees, etc. Click ‘Save’ to confirm.
Processor
Click on ‘Add’ in the toolbar and choose ‘Processor’. Fill in the name of the company. This has to be a company in the Organization. A list of several suggestions appears. Select the correct company. Next, fill in the begin date and optionally the end date. Behind ‘Purpose’, fill in the purpose for which the company processes personal data.
You can fill in additional information under ‘Provision of personal data’. Behind ‘Location’, indicate whether the company is located inside the EU, which is important information regarding the GDPR. You can also set a retention period for the information of the company. Behind ‘Security’, you can indicate how the company protects data. If relevant, a contract with the company can be uploaded under ‘Processing agreement’. Click ‘Save’ to confirm.
All officers, data subjects and processors that have been created are displayed in the overview. The overview shows the name, type, begin date and end date, and any uploaded contracts can be downloaded here (click on the green arrow to download).
To view only active elements, click ‘Only actives’ in the toolbar. To switch back to all, click ‘Include inactives’.
Delete
To delete DPOs, data subjects or processors, simply click on 
on the right of the element. Then click on ‘Delete’ to confirm, or ‘Back’ to cancel.
Export
To export the processing register, click on ‘Export’ in the toolbar. You can specify which information exactly you want to export behind ‘Type’. Available options are to export only the processing register, or to export a complete dossier, including contracts. Click ‘Export’. The file will be downloaded in PDF format. If you choose to download a complete dossier, a zip-file will be downloaded.
More information
You can find more information about the accountability aspect of the GDPR on the website of the GDPR.