+31 (0)73 - 220 2000 | info@brandcompliance.com
English
  • Dutch
  • English
  • Beglië
  • Dutch
  • English
  • Beglië
Brand Compliance
  • Certify
    • ISO 9001
    • ISO 22301 (BCM)
    • ISO 19770-1 (IT-assets)
    • ISO 27001
    • ISO 27017 and ISO 27018
    • BIO
    • ISO 27701 (Privacy)
    • NEN 7510
  • IT Assurance
    • SOC 2
  • Vacancies
  • Knowledge base
  • BC Academy
Contact
  • Information security
    • ISO 19770-1
    • ISO 27001
    • ISO 27017 and ISO 27018
    • ISO 27799
    • BIO
    • NEN 7510
    • SOC 2
    • ISAE 3402
  • Privacy
    • Whitepaper BC 5701
    • AVG standard BC 5701:2023 NL
    • GDPR standard BC 5701:2023 EN
    • GDPR standard BC 5701:2024 EN
    • BC 5701
    • ISO 27701
  • Quality
    • ISO 9001
    • ISO 14001
    • ISO 22301
  • Knowledge base
  • News
  • Academy
    • NIS2 training course
    • ISO 27001 training courses
    • BC 5701 training courses
  • About us
    • Start your certification journey
    • Accreditations
    • Compliment, complaint or tip
    • Privacy Statement
    • Vacancies
    • Contact

Certification process

10
  • Checklist certification
  • Do you have your first audit soon?
  • How long does ISO certification take?
  • What is a certification cycle?
  • Applying for a certification process
  • Initial audit Stage 1
  • Initial audit Stage 2
  • Nonconformities management system
  • Certificate suspended or revoked? This is how you solve it!
  • Transfer of certification

BC 5701

5
  • BC 5701 certification: where do you start?
  • Your record of processing activities and the GDPR
  • Your Data Protection Officer and the GDPR
  • Checklist for your BC 5701 certification
  • Data breach: What is it and how do you prevent it?

General

9
  • SOC 2 or ISAE 3402: which standard suits your organization?
  • The Traffic Light Protocol (TLP): what does it mean for you?
  • The Brand Compliance glossary
  • What is a management system?
  • Internal or external audit?
  • Find out more about internal audits
  • Tips to describe a proper scope
  • Accreditation versus certification
  • The use of certification logos

ISO 27001:2022

3
  • Operational Capabilities: The Backbone of Information Security
  • ISO 27001:2022 – FAQ transition
  • ISO 27001:2022 – Transition process

Whitepapers

2
  • Whitepaper management system audits
  • Whitepaper GDPR Certification Standard and Criteria BC 5701

Best practices

3
  • Mastering GDPR compliance: best practices
  • Excelling in information security: best practices
  • Quality Management: best practices for success

NEN 7510

4
  • Transition to NEN 7510-1:2024
  • NEN 7510 without healthcare institution?
  • How to expand with NEN 7510
  • The differences between ISO 27001 and NEN 7510

NIS2 Directive

2
  • NIS2 liability
  • NIS2 & the Belgian CyberFundamentals
View Categories

Your record of processing activities and the GDPR

1 min read

An indispensable part of the BC 5701 certification is setting up and maintaining a record of processing activities. Under the GDPR, certain obligations are imposed on organizations that process personal data. These obligations include keeping a record of processing activities. Maintaining this record of processing activities is very important as it allows you to prove that your organization is operating in accordance with GDPR regulations, also known as the principle of accountability.

record of processing activitiesHow do you create a record of processing activities?

Below we describe a number of steps. By following the steps you can set up and maintain a record of processing activities. This ensures transparency and compliance with data protection laws.

Identify the organization and those responsible

First of all, you need to record the name and contact details of your organization. If applicable, please also provide the details of any joint controllers and the representative of your organization and the Data Protection Officer (DPO).

Describe processing activities

For any processing that takes place under your responsibility, please document the following data:

  • The name and contact details of the controller, joint controllers, representative of the controller, and the DPO if applicable;
  • The processing purposes;
  • The categories of data subjects;
  • The categories of personal data;
  • The categories of recipients;
  • Intended periods for data erasure (if possible);
  • A general description of the technical and organizational security controls relating to the processing (if possible).

Ensure that registrations are complete, correct and current. All processing must be clearly recorded in the register.

Record processing activities

If your organization carries out processing on behalf of data controllers, you also record the following information:

  • The name and contact details of the organization and of any controller on behalf of which your organization carries out processing activities;
  • The categories of processing activities that your organization carries out on behalf of each controller;
  • Transfers of personal data to third countries or international organizations, including appropriate safeguards;
  • A general description of the technical and organizational security controls of the processing activities.

Ensure traceability

Ensure that the processing activities included in the register are clearly defined and can be traced back to documented processes or process steps.

The importance

In a world where data protection and GDPR compliance are vital, setting up and maintaining a detailed GDPR record of processing activities is key. This is not only an obligation under the law, but also the key to proving your organization’s commitment to data protection.

Follow the above steps carefully and ensure that your register is up to date so that you are always ready to respond to requests from data subjects and supervisory authorities.

Continue working on data protection for a strong and secure digital future.

Would you like to know more about the possibilities surrounding GDPR Certification Standard BC 5701?

📞 Call us on +31 (0)73 220 2000
📧 Email us at info@brandcompliance.com

 

Share This Article :
  • Facebook
  • X
  • LinkedIn
Updated on 17 March 2025
BC 5701 certification: where do you start?Your Data Protection Officer and the GDPR

Accreditation

RvA C548Brand Compliance B.V. has accreditation (C548) to certify ISO 27001, ISO 27701 NEN 7510 and ISO 9001 scope 33 information technology and 35 other services.

Brand Compliance B.V.

Hambakenwetering 8D2
5231 DC ‘s-Hertogenbosch

+31 (0)73 220 2000
info@brandcompliance.com

Chamber of Commerce nr.: 32101659
VAT nr.: NL8130.78.854.B01

Brand Compliance Belgie B.V.

Uitbreidingstraat 66
2600 Berchem (Antwerpen)

+32 (0)14 48 0730
be-info@brandcompliance.com

VAT nr.: BE0735.675.516

Brand Compliance Nordics AB

Vasagatan 16 2 TR
111 20 Stockholm

+31 (0)73 220 2015
info@brandcompliance.com

Org.nr: 559238-1387

© Copyright 2025 Brand Compliance