Appointment of responsible persons
Posted: Sun Feb 02, 2025 5:26 am
It is necessary to determine a structural unit or a specific person who will be responsible for the implementation of internal control in the process of personal data processing. It is necessary to clearly establish the scope of his/her competence and approve the regulation on internal control in the processing of personal data. The options for appointing a responsible person may be as follows:
Allocation of a separate structural unit or specialist who will be completely freed from other duties to manage internal control.
Assigning additional functions to a specific employee of the organization so that he or she coordinates internal control in addition to his or her current duties.
Distribution of additional functions among several employees azerbaijan email list for joint implementation of internal control.
Output documents:
An order to amend the staffing schedule, reflecting changes related to the appointment of responsible persons.
A job description that describes the duties and powers of the designated responsible person.
An order appointing a specific person or persons to the role of person responsible for internal control during the processing of personal data.
Regulations on the organization of internal control during the processing of personal data, which set out the goals, objectives, responsibilities and procedures of internal control.
Stage 2. Business process analysis
It is necessary to identify and document business processes in which personal data is processed. Conduct an analysis of business process data for compliance with the requirements of personal data legislation.
Each business process related to the processing of personal data should be analyzed in the following aspects:
Purpose of personal data processing.
The responsible department or person carrying out the processing.
Categories of persons whose personal data are processed.
Types of personal data processed.
The legal basis on which the data processing is based.
Sources from which personal data is obtained.
Categories of persons to whom personal data may be transferred.
Storage periods for personal data.
Output documents:
A register of personal data processing, which will take into account and describe all identified business processes related to the processing of personal data.
Allocation of a separate structural unit or specialist who will be completely freed from other duties to manage internal control.
Assigning additional functions to a specific employee of the organization so that he or she coordinates internal control in addition to his or her current duties.
Distribution of additional functions among several employees azerbaijan email list for joint implementation of internal control.
Output documents:
An order to amend the staffing schedule, reflecting changes related to the appointment of responsible persons.
A job description that describes the duties and powers of the designated responsible person.
An order appointing a specific person or persons to the role of person responsible for internal control during the processing of personal data.
Regulations on the organization of internal control during the processing of personal data, which set out the goals, objectives, responsibilities and procedures of internal control.
Stage 2. Business process analysis
It is necessary to identify and document business processes in which personal data is processed. Conduct an analysis of business process data for compliance with the requirements of personal data legislation.
Each business process related to the processing of personal data should be analyzed in the following aspects:
Purpose of personal data processing.
The responsible department or person carrying out the processing.
Categories of persons whose personal data are processed.
Types of personal data processed.
The legal basis on which the data processing is based.
Sources from which personal data is obtained.
Categories of persons to whom personal data may be transferred.
Storage periods for personal data.
Output documents:
A register of personal data processing, which will take into account and describe all identified business processes related to the processing of personal data.