We will have a look into the data flow module to see if we can use it for our GDPR requirements.
One of the requirements is that we must make a Processing Record showing what processes we are using, that are using data-assets having personal data. An what type of personal data and so on…
As I can see the module there is not a link between assets and processes.
My question: How do others in the community comply with GDRP via eramba when we don’t have this link between processes and assets, or using eramba to be compliant with GDPR at all?
This is the meta data from our Processing Record to day:
• Legal basis
• Information obligation
Categories of data subjects and personal data
• Categories of data subjects
• Categories of personal data
• Categories of third parties
• Transfers to third countries
Technical and organizational security measures
• Retention time
• Data integrity controls
• Access control
• Log management
• Network and encryption
• Data discovery
Thanks for input