Processing activities – what should be considered?

von Ramona

“More paperwork, more documentation. That is just a hindrance and does not help anyone ”. Most likely react in this way or something similar when it comes to keeping a record of the processing activities that, according to Article 30 GDPR, must be kept in every organization and company as soon as personal data is processed. Article 83 GDPR creates an additional “monetary incentive” to act. Who would like to receive a fine because data protection has not been complied with? The loss of image due to publications is often greater than the resulting financial damage.

Approach the matter with the right eye

If one regards this legal requirement for the management of processing activities not as a chore, but as an aid, one can integrate the processing activities very well into the organizational or company management system. In addition, the content required by the GDPR gives a good overview of some activities in which personal data is processed. A comprehensive overview of such activities is often not yet available. In this way, you can create the necessary data protection processes step by step based on this.

Approach to processing activities

But how do you start? Some data protection authorities in the federal states provide initial help in the form of sample forms for various activities. In the meantime, there are also some companies that have specialized in the subject of data protection and provide support in the creation of processing activities – you can find a link to the sample forms here.

If the processing activities are known and available in written or electronic form, inquiries from data subjects who want to exercise their rights can, for example, be processed more easily. These include the right to information, correction or deletion.

That’s exactly what each of us would like. Everyone is a data subject in one way or another and everyone wants to be able to exercise their rights with regard to data protection. Hopefully the organization or company keeps a good record of processing activities. In other words, it is well positioned to implement the GDPR. Ultimately, it’s about our concerns and our rights with regard to data protection.


That wish brings us back to the beginning of this article. Should you get annoyed about the “supposed additional effort” that arises from the requirements of the GDPR in everyday work, it will ultimately help each of us. This privilege of having a GDPR in which our data protection rights are clearly defined is almost unique in the world.

Our team consisting of lawyers, data protection experts and IT specialists will be happy to help you keep track of the legal basis and all topics related to the management of processing activities. We can provide you with external data protection officers or train your own specialists. For more information in this context, please contact your data protection team.


Ramona ist seit ihrer Ausbildung zur Kauffrau für Büromanagement bei uns tätig. Sie kennt deshalb unser Dienstleistungs-Portfolio sehr genau. Mittlerweile unterstützt sie unser Team nicht nur im Backoffice sondern steht unseren Kunden auch als zertifizierte Datenschutzbeauftragte mit Rat und Tat zur Seite. Service- und Lösungsorientierung, Flexibilität und Kompetenz stehen für sie an erster Stelle.