How to create a process

During this stage, the overall process activity is defined. This includes determining the process name, creating a description of the process, specifying the process inputs and outputs, and identifying any applicable constraints or business rules that must be followed.

1. Go to Privacy Ops and select RoPA.

1. This will open the following window as shown in Fig 2.

2. Click on New Process.

1. A pop up window will appear as shown in Fig 3. Fill in the boxes with the appropriate details.

1. When you click on RoPA Template, a drop down box will appear as shown in Fig 4.

1. Select the appropriate template and click on Next to proceed.

2. The following window will appear as shown in Fig 5.

1. At this stage you can add collaborators. Who are collaborators? The process owner may know only part of the information, but for some questions/sections, they need more help from other people. These people are the collaborators.

2. If you don’t want to add collaborators at this stage, click on Proceed To Process. The following window will open as shown in Fig 6.

1. A quick summary of all the options that are available at this stage as shown in Fig 5 and 6.

• Process name: The name given to a specific process or set of processes that involve the processing of personal data.

• Description: A brief, clear, and up-to-date overview of the process or set of processes that involve the processing of personal data.

• Process group: A grouping of processes that serve a common purpose or function, such as those related to Management, Support, Operations or Custom.

• Automated processing done as a part of this process: Automated data processing is the creation and implementation of technology that automatically processes data.

• Description of automated processing: This refers to a detailed account or narrative outlining the methods, procedures, and techniques used in the automated processing of personal data. This description encompasses various aspects of automated processing, including data collection, storage, analysis, profiling, decision-making, and any other activities performed by automated means, such as algorithms, machine learning, or artificial intelligence.

• Purpose: The reason for processing personal data, such as Providing Support, Fulfilling a Contract, Customer Onboarding or Custom as well.

• Lawful basis: The legal justification for processing personal data under the GDPR, such as Legal requirements, Legitimate interest, Performance of a contract, Public Interest, Vital interest, Consent or Custom as well.

Controllers & Processors: To fill out the Controllers & Processors details, identify your role in the processing of personal data and provide the relevant details. The options include:

• Controller: An entity that determines the purposes, conditions, and means of the processing of personal data.

• Joint Controller: Two or more controllers who jointly determine the purposes and means of processing personal data.

• Processor: A processor is an entity that processes personal data on behalf of a controller, based on their instructions. They are required to implement appropriate technical and organizational measures to ensure the security and protection of the personal data they process.

Sub Processor: A sub processor acts under the instructions of the processor, meaning that they may process individuals' personal data on behalf of the processor.