Data Processing Inventory

The main organizational challenge is the lack of cooperation between Data Protection Officer, Legal Services, IT, HR and Marketing, which is understandable given the complexity of the project and the variety of functions and departments involved.

However, without cooperation, there is no division of responsibilities between departments, which means a DPO should possess both technical expertise in order to implement compliance policies and understand data protection laws.

The reality is that the DPO is usually an IT professional or legal expert, not both. Even if there would be a DPO who embodied both expertise, it is almost impossible for one person to have continuous insight into the regulatory segment and the data segment of all the company’s business processes, and the larger the scale, the more complicated it gets.

The Inventory represents one of the main compliance pillars that should give you an overview of procedures and important information about data processing. Still, the record is usually kept in Excel, which does not offer collaboration function and a DPO cannot track changes made in the document.

Moreover, it is impossible to administer other applicable laws or define data retention policies for each data category, because Excel does not allow you to execute those policies directly onto the appropriate data sets.

These challenges prevent companies to move forward with their compliance project. If there is no division of responsibility between DPO and other organizational units, the DPO will face the impossible challenge of overseeing all  processes.

On the other hand, if the company has recognized the importance of decentralized data privacy management model and there is a collaboration between departments but there is no proper tool for managing the processes, the DPO will be left without an overview of all processing activities and unable to track changes made by other departments.