Step 1

Following Tasks that process Personal Data were found

Please help me to determine the Purpose for each Processing and additional attributes

Art. 4 GDPR
Definitions
  1. processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  1. ‘cross-border processing’ means either:
    1. processing of personal data which takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the Union where the controller or processor is established in more than one Member State; or
    2. processing of personal data which takes place in the context of the activities of a single establishment of a controller or processor in the Union but which substantially affects or is likely to substantially affect data subjects in more than one Member State.
Art. 6 GDPR
Lawfulness of processing
  1. Processing shall be lawful only if and to the extent that at least one of the following applies:
    1. the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
    2. processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
    3. processing is necessary for compliance with a legal obligation to which the controller is subject;
    4. processing is necessary in order to protect the vital interests of the data subject or of another natural person;
    5. processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
    6. processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
    Point (f) of the first subparagraph shall not apply to processing carried out by public authorities in the performance of their tasks. [...]

Art. 11 GDPR
Processing which does not require identification
  1. If the purposes for which a controller processes personal data do not or do no longer require the identification of a data subject by the controller, the controller shall not be obliged to maintain, acquire or process additional information in order to identify the data subject for the sole purpose of complying with this Regulation.
  2. Where, in cases referred to in paragraph 1 of this Article, the controller is able to demonstrate that it is not in a position to identify the data subject, the controller shall inform the data subject accordingly, if possible. In such cases, Articles 15 to 20 shall not apply except where the data subject, for the purpose of exercising his or her rights under those articles, provides additional information enabling his or her identification.

Could not find any processing tasks. Here is what you can check to fix that:

  1. Probably tool failed to determine lane that would correspond to Filing System. Check Step 0!
  2. Processing Tasks are determined by incoming or outgoing connections with Data Objects. Probably current Filing System candidate Pool does not have any Tasks with connections to Data Objects.

Processing attributes

Processing Purpose
Back to Models Back to current model