In some cases, you must keep a record of your personal data processing activities which includes, among other things, information about the purposes of the processing, the categories of personal data subjects, the categories of personal data, the categories of recipients of personal data, the transfer of personal data , the deadline for deleting personal data, technical and organizational measures. This type of record is an excellent way to establish control over the processing and movement of personal data within your organization. Keeping this information in one place facilitates compliance with the Personal Data Protection Act.
| Example | Video surveillance system |
|---|---|
| Controller | Company LLC |
| Category of subjects and category of personal data | Video recordings of visitors to Company DOOEL, which contain physiognomic features of a person. |
| Purpose | Protection of property, protection of the lives and health of employees due to the nature of the work being performed |
| Recipient | Company HL LLC |
| Data deletion deadline | 30 days |
| Technical and organizational measures | A separate act on the way video surveillance is performed (eg, authorization to access recordings, automated system of records (logs), transparency), password-protected system, employee training, etc. |
| Transfer of personal data |
/ |
