It's easy to ensure your compliance with an example of a completed RGPD register!

By Jennifer Montérémal

Published: 27 October 2024

Keeping an RGPD register is one of the sine qua non conditions for complying with the established rules... provided you know where to start and how to go about it 😉

So here's some essential information, plus an example of a completed RGPD register to guide you!

Don't forget: the obligation to process personal data can turn into a real winning strategy for your business!

Example of a completed RGPD register: a practical illustration

An example of a properly completed RGPD register proves very useful to help you produce a complete and comprehensible document, containing all the information relating to data processing.

💡 Looking for a template? The CNIL has made one available here.

This document, provided free of charge, offers a clear framework that meets the criteria established by the Commission Nationale de l'Informatique et des Libertés. It is a valuable educational resource for company directors, compliance officers and those responsible for personal data.

☝️ As a reminder, the RGPD register:

  • provides an exhaustive record of the various data processing operations carried out;
  • is intended to be consulted by those responsible for compliance or personal data.

What should a completed RGPD register contain?

According to CNIL guidelines (2023), a completed RGPD register must systematically contain the following key information:

  • the contact details of the data controllers: this involves clearly identifying the person or entity that has authority over the data processing;

  • the purposes of the processing: the precise reasons for which the data is processed must be explained, avoiding any ambiguity;

  • the categories of personal data and recipients: these categories group together the types of data collected and the entities that will have access to them, justifying the need for such sharing;

  • the time limits for deleting the various categories of data: each category of data must have a retention period defined in line with legislation or the company's operational needs;

  • a general description of the technical and organisational security measures: this involves describing the measures put in place to secure the data, such as encryption, firewalls, employee training and other access controls.

☝️ To ensure that the register of data processing activities is effective, each processing sheet must contain all the information needed to meet compliance requirements, and be sufficiently clear and comprehensible to make it easy to analyse and interpret the information.

How do you fill in an RGPD register properly?

The creation of an RGPD register begins with a detailed analysis of how personal data is processed within the company.

Here are a few steps to follow, recommended by the government portal France Num:

  1. Identify the processing of personal data: the processing activities must be listed and detailed. This covers everything from collecting customer information to archiving or deleting it.

  2. Document each processing operation: for each activity identified, a processing sheet must be created in the register. This sheet will contain the information required by the CNIL (purposes of processing, categories of data processed, retention periods, etc.).

  3. Establish security measures: you must analyse and record the security procedures and tools put in place to protect the data. To this end, the CNIL offers a guide to the security measures to be incorporated.

  4. Plan updates: as regulations and company activities change, the register needs to be updated regularly to maintain its relevance and accuracy, as the CNIL indicates on its website.

  5. Organise regular audits: these are essential to ensure the accuracy of the register and check the effectiveness of security measures.

💡 Tip: to help you with these tasks, you can rely on dedicated software, which is handy for saving time and avoiding costly mistakes.

This is what Witik, a comprehensive RGPD compliance platform, offers. In particular, it includes a function dedicated to the automatic generation of perfectly compliant registers, based on a model designed by a law firm. These registers can be customised to suit your company's specific requirements, and artificial intelligence technology helps you to draw up your processing records more quickly.

RGPD register: focus on employee training and user rights management

Once you have created a register of processing activities in accordance with the obligations of the RGPD, it is worth highlighting an often underestimated but fundamental aspect: the ongoing training of teams in RGPD matters.

The CNIL offers a range of resources for developing the understanding and skills needed to meet the challenges of data protection, including:

  • online training and practical guides;
  • the latest regulatory news adapted to various sectoral aspects.

A completed GDPR register should also reflect a company's approach to managing data subjects' rights.

Each register should detail the processes in place to respond effectively - and transparently - to requests from individuals exercising their rights under the GDPR, such as the right of access, rectification, and deletion of their personal data.

This demonstrates not only technical compliance, but also a user-centric approach. Ultimately, the RGPD register is based on respect for individual rights and building a relationship of trust with your customers.

What you need to know about the example of a completed RGPD register

The RGPD register is a cornerstone of compliance in any business. It accurately documents the processing of personal data. Its value lies in the accuracy of its contents and the thorough knowledge of its purpose by those who manage it.

A well-kept register reflects the company's rigour in data management and demonstrates its concern for security and transparency. By updating it regularly, you are demonstrating not only that you comply with the rules in force, but also that you are committed to protecting users' personal information.

Managing an RGPD register can be complex, which is why many software solutions allow you to simplify this process, from automating the keeping of the register to updating information in real time.

Article translated from French