Privacy Registers Overview

Processing Activities
A 'personal data Processing Activity' is an activity or task that is completed as part of a business process. For example, CV collection would be a personal data Processing Activity within the recruitment business process, alongside several other processing activities.

Data Record
'Data subjects' are individuals whose personal data is collected, held or processed.

A 'data record' is defined by:

  • The type of data subject
  • Their region of residency
  • The entity that controls the personal data

The data record is used across all processing activities via a processing event, enabling data to be tracked throughout its life cycle and visualised with lineage maps.

Business Process
A 'business process' is a collection of related, structured processing activities or tasks that produce a specific service or product. For example, 'Recruitment' is a business process that takes place within an HR department.

Business Area
The 'Business Area Register' allows for organisational departments or business units to be added as register records for display in Privacy Assessments. 

Business Areas can be linked to other register records—such as processing activities and processing events—which can then be filtered and reported on.

Business System
The 'Business System Register' defines all internal business systems in your enterprise at a high level. 

A Business System can be:

  • A software solution
  • A collection of technical or physical components (called Assets; see Asset Register below)

A Business System is defined as external or assigned to a location, and its data is defined by the sum of its assets. A Business System alone cannot define these.

Asset Register
The 'Asset Register' defines all the technical or physical assets in the enterprise where the data operations are managed solely by the internal organisation, even if the service is owned and operated by a Third Party.

In some cases, an Asset can be considered the ‘child’ of a Business System.

Data Elements
The 'Data Elements Register' defines all the individual data elements in your enterprise. 

These elements are common across all processing activities and form part of the definition of a data record. The 'processing event' holds the relationships that create this definition.

A key role of the Data Elements Register is to maintain the organisation’s data classification.

Third Party
Businesses or organisations that manage or supply external business systems/applications are regarded as third-party entries in the system.

This differs from 'Legal Party' entities, which manage data processing under contract, even though both can be considered data processors from a regulatory perspective.

Legal Entity (Legal Party)
'Legal parties' or registered businesses are responsible for or active in activities involving the processing of personal data. They can be either internal or external.

  • Internal Legal Parties: Identify the different parts of your organisation, including regional and global entities.
  • External Legal Parties: Identify businesses that support your data processing, such as data joint controllers, external controllers, processors and sub-processors.

Processing Event
A 'Processing Event' is a defined action that specifies the resources used to process personal data within a named processing activity. 

Types of processing events include:

  • Collection
  • Source
  • Processing
  • Storage (planned)
  • Access
  • Transfer

The 'Processing Event Register' helps customers manage complex data structures. 

For example, if you need to record multiple data transfers for more than one Third Party or Legal Party within a processing activity, you would use the Processing Event Register.

[Image: overview of available processing event types]

Evidence (Controls)
Data protection and security regulations promote the appropriate use of technical and organisational controls by controllers and processors when processing personal data.

The type of control deployed by an organisation depends on the type and conditions of processing (Who? Where? Why?) as well as the sensitivity and criticality of the data used.

Risk Register
The 'Risk Register' allows risks to be created and linked to multiple records and registers.

Task Register (Risk Mitigation Activities)
The 'Task Register' allows risks to be created and linked to multiple records and registers for risk mitigation.
