100+ examples of processing activities

Documenting processing activities is the basis of any data protection management system. But where can colleagues from specialist departments find help when they are looking for examples of processing activities for their documentation? Especially if they have never documented such activities before? To this end, we have compiled a practical list of over 100 examples of processing activities from 10 key areas of business. You can use this list to help colleagues in other departments document their processing activities. It serves as inspiration for getting started with successful, GDPR-compliant documentation.

Processing activities: This comprehensive list makes data protection documentation a breeze

The challenge: Identifying processing activities

In practice, every instance of personal data processing must be documented in the record of processing activities (RoPA). To identify and define processing activities, it is particularly useful to focus on business processes, taking into account processing purposes and systems (hardware and software). 

Our hands-on list contains the title of the processing activity, a brief description, details of the data subjects, and a list of personal data types.

Important note

The entries in the categories "Description," "Data subjects," and "Types of personal data" are only examples. For practical use, they must be adapted to the specific needs of the company. Our list is therefore not a template, but rather serves as inspiration and guidance for documenting processing activities.

Processing activities in the area of human resources

Processing activities: Examples from the "Recruitment and Onboarding" segment

Recruitment and job advertising

  • Description: Creating requirement profiles, job descriptions, and placing job ads on application portals
  • Data subjects: Applicants
  • Types of personal data: Name, email address, resume, cover letter, references

Application receipt and pre-qualification

  • Description: Receipt of applications via internal or external job portals and pre-qualification by the HR department
  • Data subjects: Applicants, HR managers
  • Types of personal data: Name, email address, resume, cover letter, references

Conducting job interviews

  • Description: Preparation, conducting, and follow-up of interviews by the HR department in coordination with the respective department
  • Data subjects: Applicants, HR managers, employees
  • Types of personal data: Name, email address, resume, cover letter, references, interview notes

Onboarding

  • Description: Introduction and integration of new employees into the company
  • Data subjects: New employees, human resources department, team leaders
  • Types of personal data: Name, email address, date of birth, social security number, pension insurance number

Processing activities: Examples from the segment "Organizational development, change management, and strategic human resources management"

Employee development and training

  • Description: Planning and implementation of training measures to promote employee skills
  • Data subjects: Employees
  • Personal data types: Name, position, competency assessments

Talent management and promotion of young talent

  • Description: Identification, development, and retention of talent and junior staff
  • Data subjects: Employees
  • Personal data types: Name, talent pools, development programs, succession plans

Personnel planning and reporting

  • Description: Analysis of personnel structure and creation of reports on personnel development
  • Data subjects: Employees
  • Personal data types: Employee names, working hours

Conflict management and mediation

  • Description: Resolution of conflicts in the workplace through mediation and dialogue
  • Data subjects: Employees
  • Types of personal data: Name, contact details of employees involved, mediation records

Personnel marketing and employer branding

  • Description: Measures to position the company as an attractive employer
  • Data subjects: Employees
  • Types of personal data: Photos and videos of employees, voice recordings, name, job title

Employee surveys and feedback systems

  • Description: Conducting surveys to gather employee opinions and satisfaction levels
  • Data subjects: Employees
  • Types of personal data: Name, gender, department (if collected), survey responses, feedback, improvement suggestions (if applicable)

Processing activities: Examples from the "Administrative processes and compliance" segment

Human resources management

  • Description: Management of employee data and HR files
  • Data subjects: Employees
  • Personal data types: Name, address, salary, social security number, working hours

Time and attendance management

  • Description: Recording, monitoring, and managing employee working hours and attendance
  • Data subjects: Employees
  • Types of personal data: Name and address of employees on timesheets, vacation requests, sick notes

Processing activities: Examples from the "Compensation, performance management, and benefits" segment

Performance appraisal

  • Description: Evaluation of employees' work performance and productivity
  • Data subjects: Employees
  • Personal data types: Name, evaluation reports, target agreements, feedback forms

Payroll

  • Description: Calculation and payment of salaries to employees, including income tax and social security contributions
  • Data subjects: Employees
  • Types of personal data: Name, date of birth, gender, email address, telephone number, address, sick leave, parental leave, vacation, working hours, salary, social security number, marital status, religion, tax identification number

Administration of company pension schemes

  • Description: Administration of company pension plans and associated funds
  • Data subjects: Employees
  • Personal data types: Name, pension insurance number, pension plan data, contribution history, benefit calculations

Compensation management and incentives

  • Description: Design and administration of compensation systems and incentive structures
  • Data subjects: Employees, managers
  • Types of personal data: Name, address, date of birth, salary data, bonus regulations, performance reviews

Employee engagement and satisfaction

  • Description: Measures to increase employee motivation and loyalty
  • Data subjects: Employees
  • Types of personal data: Name, contact details, employee feedback

Processing activities: Examples from the "Health, safety, and well-being" segment

Health management and occupational safety

  • Description: Measures to promote health and safety in the workplace
  • Data subjects: Employees, company doctors, occupational safety officers
  • Types of personal data: Health reports, name, address of employees

Health promotion and prevention programs

  • Description: Measures to promote the health and well-being of employees
  • Data subjects: Employees, company physicians, health managers
  • Types of personal data: Name, address of employees, health programs, participant lists, health reports

Diversity management and equality

  • Description: Promotion of diversity and equality in the company
  • Data subjects: Employees
  • Types of personal data: Data on ethnicity, age, gender of employees

Processing activities: Examples from the "Transition, International Mobility, and Offboarding" segment

Outplacement and employee exit management

  • Description: Accompanying and supporting employees when they leave the company
  • Data subjects: Departing employees, human resources department, outplacement managers where applicable
  • Personal data types: Names and contact details of employees, e.g., for separation agreements in outplacement programs

Mobility Management and Relocation Services

  • Description: Support for employees during relocations and international assignments
  • Data subjects: Employees
  • Types of personal data: Names and addresses of employees

Offboarding

  • Description: Structured design of the employee departure process
  • Data subjects: Departing employees
  • Types of personal data: Employee master data from exit interviews

Processing activities in the area of finance

Processing activities: Examples from the "Financial Planning and Analysis" segment

Budget planning

  • Description: Creation and monitoring of budgets for departments or projects
  • Data subjects: Employees
  • Types of personal data: Salaries, working hours, first and last names of employees

Financial reporting

  • Description: Preparation of periodic financial reports such as profit and loss statements, balance sheets, and cash flow reports, as well as internal reconciliation
  • Data subjects: Employees, stakeholders
  • Types of personal data: Email addresses, salaries

Cost accounting

  • Description: Allocation and control of costs for products, services, and projects
  • Data subjects: Employees
  • Types of personal data: Salaries, days absent, sick days, working hours, names

Processing activities: Examples from the "Accounts payable and accounts receivable management" segment

Accounts payable management

  • Description: Management of payments to suppliers and service providers, including invoice processing and account reconciliation
  • Data subjects: Suppliers
  • Personal data types: Email address (supplier), name of contact person, telephone number, supplier data, invoice data, payment history, contract data

Accounts receivable management

  • Description: Monitoring and managing incoming payments from customers, including invoicing
  • Data subjects: Customers
  • Types of personal data: Customer data (email address, name, etc.), outstanding invoices, incoming payments, reminders

Dunning process

  • Description: Management of outstanding payments and reminders
  • Data subjects: Defaulting payers
  • Types of personal data: Contact details (name of contact person, position, address, email address, telephone number)

Processing activities: Examples from the "Compliance and Tax" segment

Risk management

  • Description: Identification, assessment, and minimization of financial risks
  • Data subjects: Risk managers, management, external contact persons
  • Types of personal data: Name, contact details (address, telephone number) of external contact persons

Insurance management

  • Description: Taking out and managing insurance policies for assets, employees, or liability risks
  • Data subjects: Employees
  • Types of personal data: Name and contact details from insurance policies, dates of birth, and identification numbers

Payment transaction management

  • Description: Processing of incoming and outgoing payments
  • Data subjects: Accounting, banking partners, suppliers, customers
  • Types of personal data: Bank transaction data, name and contact details of payment recipients, identification numbers such as tax numbers, if applicable

Preparation and submission of tax returns

  • Description: Planning and submission of tax returns and optimization of tax strategies
  • Data subjects: Employees
  • Types of personal data: First and last name, email address

Donation management

  • Description: Management of donations, contributions, and charitable contributions
  • Data subjects: Donors
  • Types of personal data: Donor data, grant notifications, proof of use

Processing activities in the area of marketing

Processing activities: Examples from the "Market research" segment

Customer segmentation

  • Description: Analysis of customer data to form specific target groups
  • Data subjects: Customers
  • Types of personal data: First and last name, purchase history, demographic data (gender, date of birth, place of residence), location data

Market research

  • Description: Analysis of market trends, suppliers, and customer needs to support purchasing decisions
  • Data subjects: Survey participants, market participants
  • Types of personal data: Survey responses, age, gender, place of residence of participants, consumer behavior

Conducting surveys

  • Description: Collection, analysis, and use of customer feedback for product improvements
  • Data subjects: Customers, survey participants
  • Types of personal data: First and last name, company name and role in the company, customer feedback, usage data, market trends

Processing activities: Examples from the "Lead generation measures" segment

Collection of lead data via web forms

  • Description: Collection of data about prospects for sales purposes
  • Data subjects: Prospective customers, potential customers
  • Types of personal data: Contact details, professional information, areas of interest

Maintenance of the customer database

  • Description: Collection of data about interested parties for sales purposes
  • Data subjects: All persons recorded, customers
  • Types of personal data: Updated contact information, customer status, interaction history

Organization of offline events

  • Description: Registration and management of participant data at events
  • Data subjects: Event participants, guests
  • Types of personal data: Name, participant contact information, participation confirmations

Webinar and online course management

  • Description: Collection of participant information and feedback
  • Data subjects: Course participants, learners
  • Types of personal data: First name, last name, email address, feedback, participation behavior

Processing activities: Examples from the "Direct communication and advertising" segment

Newsletter distribution

  • Description: Management of email addresses for marketing emails
  • Data subjects: Subscribers, customers
  • Types of personal data: Email address, title, interests

Direct marketing campaigns

  • Description: Use of postal addresses for physical ad mailings
  • Data subjects: Recipients of the campaign
  • Personal data types: Postal addresses, purchase history, product interests

Personalized advertising

  • Description: Use of behavioral data for tailored advertising messages
  • Data subjects: Website visitors, customers
  • Types of personal data: Browsing behavior, purchase history, interests

Website analysis

  • Description: Analysis of website visitors' usage behavior using Google Analytics
  • Data subjects: Website visitors
  • Types of personal data: Location data, local preferences, demographic information, IP address, OS version

Website visitor tracking

  • Description: Collection of behavioral data from website visitors, including pages visited, visitor source, company, geographic location, and time spent on the website
  • Data subjects: Website visitors
  • Types of personal data: Location data, demographic information, IP address

Retargeting campaigns

  • Description: Use of browser cookies to deliver targeted advertising via channels such as Google Ads or Microsoft Advertisements
  • Data subjects: Website visitors, online users
  • Types of personal data: Cookie data, pages visited, click behavior

Campaign tracking and analysis

  • Description: Evaluation of campaign success based on user data
  • Data subjects: Campaign target groups, interested parties
  • Types of personal data: Campaign performance, user interactions, ROI data

Social media marketing

  • Description: Analysis of user data on social media platforms
  • Data subjects: Social media users, followers
  • Types of personal data: First and last names of social media followers, likes, comments

Email marketing

  • Description: Sending targeted marketing emails to selected recipient groups to promote products, services, or brands
  • Data subjects: Recipients of email communications
  • Types of personal data: Email address, job title

Influencer marketing

  • Description: Processing data for the selection and management of influencers
  • Data subjects: Influencers, followers of influencers, target groups
  • Types of personal data: Influencers' contact details (age, gender, background, data on their community), social media statistics, engagement rates, content preferences

Processing activities: Examples from the "Customer Relationship Management and Engagement" segment

Programs to strengthen customer loyalty

  • Description: Management of customer preferences and purchase history
  • Data subjects: Customers, loyalty program members
  • Types of personal data: Purchase history, customer status, purchase preferences

Customer feedback surveys

  • Description: Collection and analysis of customer opinions
  • Data subjects: Customers, service users
  • Types of personal data: First and last name, company name and position (if applicable), customer opinions, reviews, product preferences

Post-purchase customer surveys

  • Description: Collection of data on customer satisfaction
  • Data subjects: Purchasers, customers
  • Types of personal data: First and last name of customers, company name, role and function within the company, customer satisfaction data, product feedback, suggestions for improvement

Use of chatbots

  • Description: Recording user inquiries and preferences via chatbots
  • Data subjects: Customers, website visitors
  • Types of personal data: Input data (first and last name), request details, user preferences, email address

Processing activities: Examples from the "Sales promotion and optimization" segment

Cross-selling and upselling

  • Description: Use of purchase histories for further sales offers
  • Data subjects: Customers
  • Personal data types: Buyer contact details, purchase history, product usage, feedback

A/B testing

  • Description: Analysis of user responses to various marketing content
  • Data subjects: Test group participants, website visitors
  • Types of personal data: User responses, click behavior, conversion rates

Affiliate marketing

  • Description: Tracking user actions via affiliate links
  • Data subjects: Users of affiliate links, online shoppers
  • Types of personal data: Clicks on affiliate links, purchase transactions, conversion data

Online surveys and quizzes

  • Description: Collection of user responses and preferences
  • Data subjects: Participants, online users
  • Types of personal data: First name, last name, contact details, interests

Local marketing

  • Description: Use of location data for region-specific offers
  • Data subjects: Local target groups, community members
  • Types of personal data: Location data, local preferences, demographic information

Processing activities in the area of sales

Processing activities: Examples from the "sales processes" segment

Customer acquisition

  • Description: Identification, approach, and negotiation with potential new customers
  • Data subjects: Prospective customers
  • Types of personal data: Email address, name, interest profiles, communication history

Product presentations

  • Description: Online or offline meetings with potential customers for the purpose of initiating sales
  • Data subjects: Prospective customers
  • Types of personal data: Email address, name

Sales negotiations

  • Description: Direct negotiations with customers regarding prices, terms, and services
  • Data subjects: Customers, sales staff, sales managers
  • Types of personal data: Contact details

Preparation of offers and contracts

  • Description: Creation of individual offers or contracts based on customer inquiries or needs
  • Data subjects: Customers, sales staff
  • Types of personal data: Customer contact details, customized price lists, and/or quotation documents

Processing activities: Examples from the "Order management and logistics" segment

Order processing

  • Description: Recording and managing customer orders
  • Data subjects: Customers
  • Types of personal data: Order data (customer information such as name of contact person, purchaser, delivery address, cost center)

Order and delivery status tracking

  • Description: Monitoring the status of customer orders and deliveries
  • Data subjects: Customers
  • Types of personal data: Address data of the recipient of the goods, order data, delivery schedules, tracking information

Logistics

  • Description: Packaging and shipping ordered goods to end customers
  • Data subjects: Customers
  • Types of personal data: Address

Processing activities: Examples from the "Strategic or internal processes" segment

Sales training and education

  • Description: Conducting training courses to improve sales skills
  • Data subjects: Sales employees, sales managers, trainers
  • Personal data types: First and last names of participating sales employees, short biographies if applicable, participant lists, feedback forms

Sales partner management

  • Description: Coordination and support of sales partners and resellers
  • Data subjects: Sales partners, channel managers, sales staff
  • Types of personal data: Partner contact details, contracts, performance data

Customer relationship management (CRM)

  • Description: Systematic maintenance and analysis of customer relationships
  • Data subjects: Customers, sales staff
  • Types of personal data: Name, email address, purchase history, interaction history

Customer segmentation and targeting

  • Description: Classification of customers into different segments for targeted upselling
  • Data subjects: Marketing team, sales staff, CRM managers
  • Types of personal data: Customer contact data, segmentation criteria, sales history

Sales controlling and reporting

  • Description: Monitoring and reporting of sales activities and results
  • Data subjects: Sales staff
  • Types of personal data: Sales figures, reports, customer KPIs, communication logs, draft contracts

Pricing and discount management

  • Description: Setting prices and discounts for products and services
  • Data subjects: Customers, sales staff
  • Personal data types: Customer contact details, individualized price lists, individual discount arrangements, negotiation logs

Commission calculation and payment

  • Description: Setting sales targets for sales commissions and documenting the sales achieved by the respective employees
  • Data subjects: Sales employees
  • Types of personal data: First name, last name, commission entitlement

Processing activities in the area of customer service

Processing activities: Examples from the "Customer inquiries and support" segment

Customer care and service

  • Description: Ongoing customer care, including after-sales service and support
  • Data subjects: Customers, customer service employees, technical support
  • Types of personal data: Customer contact details (name, email address, postal address, telephone number, customer number if applicable), service logs, feedback

Customer account management

  • Description: Management of customer accounts
  • Data subjects: Customers
  • Types of personal data: Customer contact details (name, email address, postal address, telephone number, customer number if applicable), account details

Handling customer inquiries (1st level support)

  • Description: Processing incoming inquiries by phone, email, or chat
  • Data subjects: Customers, customer service employees
  • Types of personal data: Customer contact details (name, email address, postal address, telephone number, customer number if applicable), service logs, feedback

Technical support (2nd level support)

  • Description: Forwarding technical or specialist questions to 2nd level support and responding to them by phone, email, or chat
  • Data subjects: Customers, technical support
  • Types of personal data: Customer contact details (name, email address, postal address, telephone number, customer number if applicable), service logs, feedback

Complaint management

  • Description: Receiving and processing customer complaints
  • Data subjects: Customers
  • Types of personal data: Customer contact details (name, email address, postal address, telephone number, customer number if applicable), complaint content

Order acceptance

  • Description: Receipt and processing of customer orders
  • Data subjects: Customers placing orders
  • Types of personal data: Customer contact details (name, email address, postal address, telephone number, customer number if applicable), order details

Collecting customer feedback

  • Description: Collecting and evaluating customer feedback
  • Data subjects: Customers
  • Types of personal data: Customer contact details (name, email address), feedback content

Product advice

  • Description: Advising customers on products or services
  • Data subjects: Prospective customers
  • Types of personal data: Customer contact details (name, email address, postal address, telephone number, customer number if applicable), inquiry content

Escalation management

  • Description: Processing of escalated customer concerns
  • Data subjects: Customers with escalated concerns
  • Types of personal data: Customer contact details (name, email address, postal address, telephone number, customer number if applicable), inquiry content

Customer identification and authentication

  • Description: Verification of customer identity
  • Data subjects: Customers
  • Types of personal data: Customer contact details (name, email address, postal address, telephone number), identification documents (e.g., telephone password or authentication PIN) if applicable

Updating service information

  • Description: Informing customers about changes to services, products, offers, or legal provisions
  • Data subjects: Customers
  • Types of personal data: Customer contact details (name, email address, postal address, telephone number, customer number), communication content

Management of customer service inquiries via social media

  • Description: Processing of inquiries received via social media
  • Data subjects: Social media users, followers with inquiries
  • Types of personal data: Name, photo (if applicable), place of residence and occupation, inquiry content

Management of customer complaints on social media

  • Description: Processing and responding to customer complaints on social networks
  • Data subjects: Social media users, followers with complaints
  • Types of personal data: Name, photo (if applicable), place of residence and occupation, complaint content

Management of customer data

  • Description: Recording and updating customer data in systems
  • Data subjects: Customers, customer service employees
  • Types of personal data: Customer master data (name, address, customer number), customer profile

Contract management and administration

  • Description: Creation, review, and management of customer contracts
  • Data subjects: Customers, sales staff, legal department if applicable
  • Types of personal data: Customer contact details (address, name of contact person), negotiation records, term data

Processing activities: Examples from the "Financial and contractual processes" segment

Processing returns and refunds

  • Description: Processing customer inquiries regarding returns and refunds
  • Data subjects: Customers
  • Types of personal data: Customer contact details (name, email address, address, telephone number, order number), payment information

Processing warranty claims

  • Description: Processing customer inquiries regarding warranty claims
  • Data subjects: Customers with warranty claims, warranty department employees
  • Types of personal data: Customer contact details (name, email address, postal address, telephone number, customer number), purchase details

Processing payment transactions

  • Description: Processing payments related to customer service inquiries
  • Data subjects: Customers, accounting staff
  • Types of personal data: Customer contact details (name, email address, postal address, telephone number, customer number), payment information

Contract management

  • Description: Management of customer contracts
  • Data subjects: Contract customers
  • Personal data types: Customer contact details (name, email address, postal address, telephone number, customer number, contract number), contract details

Processing activities: Examples from the "Feedback and quality management" segment

Analyzing customer complaints

  • Description: Analysis of customer complaints to improve service
  • Data subjects: Dissatisfied customers who have submitted complaints
  • Types of personal data: Demographic information, e.g., gender, place of residence, age, purchase history, complaint category/categories

Conducting customer satisfaction surveys

  • Description: Conducting and evaluating customer satisfaction surveys
  • Data subjects: Survey participants
  • Types of personal data: Customer contact details (name, email address), survey responses

Training customer service staff

  • Description: Training customer service staff in the processing of personal data
  • Data subjects: Customer service employees
  • Types of personal data: Employee contact details (name, email address, postal address, telephone number, personnel number), training content

Data analysis for service improvement

  • Description: Analysis of customer data to improve service offerings
  • Data subjects: Customers whose data is analyzed
  • Types of personal data: Customer contact details (name, email address, postal address, telephone number, customer number), interaction history

Processing activities in the area of production and manufacturing

Processing activities: Examples from the "Production planning and management" segment

Work planning and preparation

  • Description: Planning of work processes and preparation of production resources
  • Data subjects: Employees
  • Personal data types: First and last names of employees, telephone number, email address, availability, work schedules for shifts

Production order management

  • Description: Management and coordination of production orders
  • Data subjects: Customers, production employees, logistics employees
  • Types of personal data: Customer order data, production schedules, delivery dates, delivery addresses

Capacity planning and management

  • Description: Planning and optimization of production capacities
  • Data subjects: Production planners, shift supervisors, human resources management
  • Types of personal data: Resource planning data, capacity data, utilization reports, shift schedules

Material procurement and management

  • Description: Purchasing and managing materials and raw materials for production
  • Data subjects: Purchasers, warehouse staff, suppliers
  • Types of personal data: Order lists, supplier contact details, inventory levels

Processing activities: Examples from the "Quality and Process Management" segment

Quality management and control

  • Description: Ensuring and checking product quality during the production process
  • Data subjects: Quality managers
  • Personal data types: Quality reports with data on production employees (name, function, personnel number, shift model), test reports, error data

Error management and analysis

  • Description: Identification and analysis of production errors and their causes
  • Data subjects: Quality managers, production employees, technicians
  • Types of personal data: Data on production employees (name, function, personnel number, shift model), error reports, cause analyses, corrective measures

Employee training and development

  • Description: Training and further education of production employees
  • Data subjects: Production employees, trainers, personnel developers
  • Personal data types: Employees' last names, first names, personnel number, date of birth, training plans, certificates, continuing education reports

Safety management and occupational health and safety

  • Description: Ensuring safety and health protection in the workplace
  • Data subjects: Safety officers, production employees, company physician
  • Types of personal data: Names and positions of employees, information on physical limitations/illnesses if applicable, safety protocols, accident reports, training documents

Outage management and emergency planning

  • Description: Management of breakdowns and emergency situations in production
  • Data subjects: Production management, safety officers, maintenance technicians, production employees
  • Types of personal data: Personnel data of affected employees from production, including absence data, emergency plans

Processing activities in the field of information technology (IT)

Processing activities: Examples from the "User and access management" segment

User account management

  • Description: Management of user accounts and access rights
  • Data subjects: Employees, external users
  • Types of personal data: User name, email address, access permissions

Email system administration

  • Description: Administration and maintenance of the email system
  • Data subjects: Employees, external communication partners
  • Types of personal data: User email addresses, email content

VPN administration

  • Description: Setting up and managing VPN access
  • Data subjects: VPN users
  • Types of personal data: User identification, connection data

Mobile Device Management

  • Description: Management of mobile devices used in the company
  • Data subjects: Employees
  • Types of personal data: Device data, user account data

Employee onboarding and offboarding in IT systems

  • Description: Management of access for new and departing employees
  • Data subjects: New and departing employees
  • Types of personal data: Employee data, access data, access rights

Processing activities: Examples from the "IT support and service management" segment

IT support tickets

  • Description: Processing of IT support requests
  • Data subjects: Employees, customers
  • Types of personal data: Contact information for employees (internal help desk) or customers (external help desk), problem/request description

Helpdesk and service desk administration

  • Description: Operation and administration of IT helpdesk and service desk
  • Data subjects: Requesting users, help desk staff
  • Types of personal data: Name, email address, telephone number, user feedback

Processing activities: Examples from the "Network and security management" segment

Network access control

  • Description: Monitoring and controlling access to the network
  • Data subjects: Network users, employees
  • Types of personal data: User identification data, access logs

Security audits

  • Description: Performing IT security checks
  • Data subjects: Network users, IT staff
  • Types of personal data: Audit logs, user access data

Data encryption

  • Description: Encryption of data to protect against unauthorized access
  • Data subjects: All users of encrypted systems
  • Types of personal data: Encrypted user data

Disaster recovery planning

  • Description: Development and implementation of disaster recovery plans
  • Data subjects: Employees, customers
  • Types of personal data: Backup data, user access data

Incident response management

  • Description: Response to IT security incidents
  • Data subjects: Data subjects affected by security incidents
  • Types of personal data: Security incident reports, user data

Network monitoring

  • Description: Monitoring network traffic and performance
  • Data subjects: Network users
  • Types of personal data: Traffic data, user access logs

Patch management

  • Description: Management and implementation of software updates
  • Data subjects: Users of patched software
  • Types of personal data: Device and software versions, user data

Processing activities: Examples from the "Data and information management" segment

Database management

  • Description: Maintenance and administration of company databases
  • Data subjects: Employees, customers
  • Types of personal data: User data, transaction data

Backup and data recovery

  • Description: Backing up and restoring data
  • Data subjects: Persons whose data is backed up and restored
  • Types of personal data: Backup data, user data

Processing activities: Examples from the "Device and infrastructure management" segment

Device management and maintenance

  • Description: Maintenance and management of IT devices
  • Data subjects: Employees, external device users
  • Types of personal data: Last name, first name, employee ID number and associated device inventory number(s), maintenance logs

Cloud services management

  • Description: Management and monitoring of cloud services
  • Data subjects: Cloud service users, IT administration
  • Types of personal data: User account data, service usage data

Configuration management

  • Description: Management of system configurations and changes
  • Data subjects: IT staff, users of affected systems
  • Types of personal data: Configuration data, change logs

Capacity planning

  • Description: Planning IT resource capacity
  • Data subjects: IT planners, end users
  • Types of personal data: Application usage data (employee last name, first name, and department), resource requirement data

Processing activities: Examples from the "Software and application development" segment

Software license management

  • Description: Management and monitoring of software licenses
  • Data subjects: Users of the licensed software
  • Types of personal data: User data (last name, first name, department, employee number if applicable), license usage data

Website administration

  • Description: Maintenance and updating of the company website
  • Data subjects: Website visitors, website administrators
  • Types of personal data: User data (e.g., cookies), content data

Processing activities: Examples from the "Internal IT processes" segment

Employee training on IT security

  • Description: Training employees on IT security practices
  • Data subjects: Trained employees, external IT trainers if applicable
  • Types of personal data: Employee master data (last name, first name, department, personnel number), contact details of external IT trainers, training content

IT project management

  • Description: Planning, implementation, and monitoring of IT projects
  • Data subjects: Project team members, stakeholders
  • Types of personal data: Project employee data (last name, position, role in the project), project progress data

Processing activities in the area of law and compliance

Processing activities: Examples from the "Contract management and negotiations" segment

Contract review and negotiation

  • Description: Review, negotiation, and administration of contracts with customers, suppliers, and partners
  • Data subjects: Customers, suppliers, partners, employees
  • Types of personal data: Names, addresses, payment information

Processing activities: Examples from the "Compliance and Audits" segment

Compliance audits

  • Description: Reviewing compliance with legal and internal company regulations
  • Data subjects: Employees, management, external auditors
  • Types of personal data: Employee master data, financial information

Data protection audits at processors

  • Description: Ensuring compliance with data protection laws and guidelines at processors
  • Data subjects: Suppliers
  • Types of personal data: Customer contact data, employee master data

Internal data protection audit

  • Description: Preparation, implementation, and follow-up of an internal data protection audit
  • Data subjects: Employees
  • Types of personal data: Name, email address

Product compliance management

  • Description: Ensuring that products comply with legal standards
  • Data subjects: Manufacturers, regulatory authorities, consumers
  • Types of personal data: Contact details of product managers as contact persons for product issues, product data, certification reports

Management of trade secrets

  • Description: Protection and management of confidential company information
  • Data subjects: Company leadership, employees who have access to confidential information, contractual partners
  • Types of personal data: Employee data in the context of trade secrets, non-disclosure agreements (NDAs) with employees, business partners, and other external stakeholders

Handling of insolvency proceedings

  • Description: Legal support in insolvency proceedings
  • Data subjects: Debtors, creditors, insolvency administrators
  • Types of personal data: Debtor data, court documents

Fighting corruption

  • Description: Prevention and investigation of corruption cases
  • Data subjects: Employees, business partners, investigators
  • Types of personal data: First and last names of suspects, suspicious transactions, including transaction data, communication data

Environmental compliance

  • Description: Ensuring compliance with environmental regulations
  • Data subjects: Environmental officers, authorities, company management
  • Types of personal data: Contact details of environmental officers and, if applicable, of other contact persons in the company's sustainability management department; permits; environmental compliance test reports

Processing of data protection requests

  • Description: Identification of data subjects and responding to data subject requests in accordance with Art. 12 et seq. GDPR
  • Data subjects: Customers, users, employees
  • Types of personal data: Personal data of customers, employees, managers, business partners

Management of external information requests

  • Description: Processing requests under the Freedom of Information Act or similar regulations
  • Data subjects: Citizens, government employees, legal department
  • Types of personal data: Personal contact details of citizens or contact persons at public authorities (surname, first name, location, telephone number, position), correspondence

Internal legal advice

  • Description: Advice on various legal matters within the company
  • Data subjects: Management, employees, department heads
  • Types of personal data: Employee data, communication data

Management of legal disputes

  • Description: Coordination and management of judicial and extrajudicial disputes
  • Data subjects: Plaintiffs, defendants, attorneys
  • Types of personal data: Party data, court documents

Witness statement management

  • Description: Coordination and preparation of witness statements in legal cases
  • Data subjects: Witnesses, lawyers, judges, court staff
  • Types of personal data: Witness statements, court documents

Management of labor law cases

  • Description: Handling labor law matters, such as dismissals or labor disputes
  • Data subjects: Employees, HR department, works council
  • Types of personal data: Employee data, performance reviews

Negotiation of working conditions

  • Description: Negotiating working conditions with employee representatives
  • Data subjects: Employees, works council, HR department
  • Types of personal data: Negotiation minutes with employees, employee master data

Negotiations with regulatory authorities

  • Description: Negotiating and clarifying matters with supervisory authorities
  • Data subjects: Company representatives, government officials, legal advisors
  • Types of personal data: Contact details of company representatives, compliance reports

Processing activities: Examples from the "Internal processes and training" segment

Internal training on compliance topics

  • Description: Conducting training on compliance and legal topics for employees
  • Data subjects: Employees, training instructors
  • Types of personal data: Employee master data, training materials

Corporate ethics and integrity

  • Description: Promotion and monitoring of ethical standards within the company
  • Data subjects: Employees, ethics committee, company management
  • Types of personal data: Employee master data, ethics guidelines, reports of misconduct

Processing activities in the area of procurement and purchasing

Processing activities: Examples from the "Supplier and contract management" segment

Supplier selection

  • Description: Selection of suppliers based on criteria such as price, quality, and reliability
  • Data subjects: Suppliers, purchasing staff
  • Types of personal data: Contact details (name of contact person, position, address, email address, telephone number), evaluation data

Supplier evaluation

  • Description: Evaluation of supplier performance and reliability
  • Data subjects: Suppliers, quality managers
  • Types of personal data: Evaluation data, contact details (name of main contact person, position, address, email address, telephone number)

Supplier integration

  • Description: Integration of new suppliers into existing systems and processes
  • Data subjects: IT staff, suppliers
  • Types of personal data: Contact details (name of contact person, position, address, email address, telephone number), system data

Supplier audit

  • Description: Reviewing suppliers for compliance with agreements and standards
  • Data subjects: Auditors, suppliers
  • Types of personal data: Audit data, contact details (name of contact person, position, address, email address, telephone number)

Contract negotiations

  • Description: Negotiating terms and prices with suppliers
  • Data subjects: Suppliers
  • Types of personal data: Contact details (name of contact person, position, address, email address, telephone number), communication data

Contract management

  • Description: Administration and monitoring of supplier contracts
  • Data subjects: Contract managers, legal department
  • Types of personal data: Contract data, contact details (name of contact person, position, address, email address, telephone number)

Negotiation of framework agreements

  • Description: Negotiation of long-term contracts with suppliers
  • Data subjects: Contract managers, suppliers
  • Types of personal data: Contract data, contact details

Contract termination

  • Description: Termination of contracts with suppliers in the event of non-performance
  • Data subjects: Legal department, suppliers
  • Types of personal data: Contract data, contact details

Processing activities: Examples from the "Order, Invoice, and Financial Management" segment

Ordering process

  • Description: Process of ordering goods or services
  • Data subjects: Suppliers, employees in the ordering department
  • Types of personal data: Contact details (name of contact person, position, address, email address, telephone number), order data (order number, cost center)

Invoice verification

  • Description: Checking incoming invoices for accuracy
  • Data subjects: Suppliers, accounting staff
  • Types of personal data: Invoice data, contact details (name of contact person, position, address, email address, telephone number)

Payment approval

  • Description: Approval of payments to suppliers
  • Data subjects: Suppliers, finance department
  • Types of personal data: Bank details (payee, account details), contact details for payment notifications (name of contact person, position, address, email address, telephone number)

Processing activities: Examples from the "Logistics, Warehouse, and Schedule Management" segment

Inventory management

  • Description: Management of warehouse stock and reorders
  • Data subjects: Warehouse staff, purchasing staff, customers/purchasers
  • Types of personal data: Order data, customer data

Supply chain management

  • Description: Coordination and optimization of the supply chain
  • Data subjects: Logistics managers, suppliers
  • Types of personal data: Logistics data, contact details

Delivery date monitoring

  • Description: Monitoring compliance with delivery dates
  • Data subjects: Purchasing staff, suppliers
  • Types of personal data: Schedule data, contact details (name of contact person, position, address, email address, telephone number)

Processing activities: Examples from the "E-procurement and data management" segment

E-procurement

  • Description: Use of electronic systems to support the procurement process
  • Data subjects: Suppliers, IT staff, purchasing staff
  • Types of personal data: Supplier contact details (company name, position, name, address, contact person's email address, customer number, order history, order numbers)

Master data maintenance

  • Description: Maintenance and updating of master data for suppliers and products
  • Data subjects: Data administrators, suppliers
  • Types of personal data: Master data of suppliers, contact details

Training and continuing education

  • Description: Training of employees in procurement processes and systems
  • Data subjects: Training participants, human resources developers
  • Types of personal data: HR master data, training data

Processing activities in the area of stakeholder management

Customer relationship management (CRM)

  • Description: Use of customer data to optimize sales and service
  • Data subjects: Customers, interested parties
  • Types of personal data: Email address (customers), purchase history, service requests, communication logs

Investor relations and communication

  • Description: Collection of data from investors and analysts for regular reports, meetings, and presentations
  • Data subjects: Investors, analysts
  • Types of personal data: Investor contact details, communication logs

Contract management

  • Description: Processing of business partner and customer data in the context of contract creation, negotiation, and monitoring
  • Data subjects: Business partners, customers, suppliers
  • Types of personal data: Contact details of business partners and customers, correspondence with business partners

Project management

  • Description: Management of team member data, communication with stakeholders, and resource planning for internal projects
  • Data subjects: Employees, stakeholders, customers
  • Types of personal data: Project team data, schedules

Processing activities: List of examples as a practical aid

The task of creating and maintaining a record of processing activities (RoPA) may seem like a daunting challenge. But it doesn't have to be: our list of processing activities provides practical guidance for your daily work. This also improves cooperation between data protection officers and specialist departments. The remaining question is how you want to maintain the RoPA. Find out more on our data privacy solution page.


Article written by

Björn Möller Co-Founder & CEO

Björn Möller is a trained business IT specialist and has extensive experience in the development of digital products. He has worked on the application of artificial intelligence at Stanford University. He is the managing director of caralegal GmbH, which enables companies to break new ground in AI and data compliance.
