Darko Samardžić

University of Zenica, Zenica, Bosnia and Herzegovina


Records of processing activities, or so-called procedure logs, are often an
important basis for understanding data flows and risks. At first glance, art. 30
GDPR gives the impression that records of processing activities are created for
documentary reasons, to feed supervisory authorities. According to art. 30 IV
GDPR, records of processing activities have to be presented to authorities on
request. Moreover, a procedure log is valuable for an organization in order to
understand, manage and steer data effectively. It is risky not to have an
overview of the data used by different functions and people, in different entities
and cultures, in particular for data exchanged across jurisdictions or with
third parties. Additionally, the data world is becoming more complex;
communication volumes, speed and latency are increasing. The internet of things
is penetrating all areas of organizations, society and states. Such developments
do not only take place internally. Many interfaces connect internal
organizational processes, applications or devices with external people, service
providers, suppliers, customers, consumers or authorities. Machine to machine
communication is expanding. This is the digital sphere, in parallel to the
analogue world many people are still very much used to. To cope with this
matrix of analogue and digital ecosystems and means, the GDPR requires the
use of different instruments such as risk assessments, data protection impact
assessments, and technical or organizational measures. One of the basic
instruments is the records of processing activities.

Records of processing activities (Evidencija aktivnosti obrade, EAO) are an
overview of the procedures by which personal data are processed. The EAO is
required by art. 30 of the Regulation on the Protection of Personal Data.
Creating such a record serves various functions. In art. 30 IV of the Regulation
on the Protection of Personal Data, the legislator wants to enable control by
state authorities. But this is only one function, seen from the perspective of
state authorities. The EAO increasingly serves organizations in keeping an
overview of their data and of the manner of processing. Organizations that keep
growing or becoming more complex want to retain an overview of, and control
over, their applications and the manner in which personal data are processed.
This applies even more in the age of digitalization. The connection with other
applications and the speed and volume of data exchange are so intense that the
EAO serves to create transparency. Data exchange on the internet, in the IoT
(Internet of Things) or in communication between machines (M2M, machine to
machine communication) can be described as data processing in digital ecosystems.


