Procedures and processes
The General Data Protection Regulation (GDPR) distinguishes between procedures and processes. Procedures refer to specific methods for processing personal data, while processes describe more general procedures or methods that are related to the processing of personal data. Both terms are explained in more detail below:
- Procedures: Procedures are specific steps or measures that are carried out when processing personal data. Examples of procedures are the transfer of data to third parties, the deletion of personal data or the obtaining of the consent of the data subjects. Procedures should be listed in the data protection declaration and should be comprehensible to the data subjects.
- Processes: Processes describe more general procedures or processes that are related to the processing of personal data. Examples of processes include the management of data breaches, the review of data access or the training of employees in the area of data protection. Processes should be documented and regularly reviewed and updated to ensure that they meet the requirements of the GDPR.
Both procedures and processes are important tools for implementing the requirements of the GDPR. By defining and documenting procedures and processes, it can be ensured that personal data is processed lawfully, transparently and in accordance with the principles of the GDPR.
The following procedures and processes are described in more detail in the "Procedures and Processes" sub-menu.
- Data protection impact assessment (DSIA)
- List of processing activities
- Deletion concept
- TOM - GDPR Article 32
