With new deadlines for the General Data Protection Regulation ("GDPR") coming into application across the European Union; You will be working to support a company-wide GDPR compliance project that includes, as a key work stream, a review of all data processing activities and the creation of a Record of Processing Activity.
The GDPR program requires a process analyst to carry out the following activities:
- Review business processes already documented (to level 3) and re-purpose these in order to provide the output necessary for analysing the processing of personal data in each process
- Work across the organisation to identify any potential gaps in the processes i.e. missing processes or changes to those processes since their construction.
- Create documentation for identified processes which have not yet been documented
- Identify external third parties involved in the processing of personal data.
- With the Legal and Regulatory team and the business, validate that a valid rationale exists for all data processing (on being provided with that rationale by Business)
- Document the necessary output of the process reviews
- Request validation of the data processing mechanism and (via the appropriate channel i.e. business stakeholder/processor or Technology department - where is systematically processed)
- Work with the Legal & Regulatory department to identify and create an inventory of personal data processing
- Plan out the repeatable mechanism for scheduling and conducting the process reviews/approvals process with the various organisational stakeholders.
- Upload the completed record of data processing activities to a dedicated cloud application.
- Work with the GDPR program to agree the in-life management of the processes and data processing recording.