Learn how to build a register of processing activities

Under the General Data Protection Regulation (GDPR), Records of Processing Activities (Article 30) are mandatory

  • For all organisations: for regular processing activities
  • For organisations with over 250 staff: for all processing activities 

Such records play a key part in the demonstration of compliance (accountability) with the GDPR or the POPI Act.

Why this course?

This course is aimed at data protection professionals who want to demonstrate compliance (accountability principle - Art 5.2 GDPR) in their organisations or in their clients' organisations.

Under Article 30 of the GDPR, a register of processing is mandatory and must be made available to a EU Supervisory Authority if required.

Did you realise that there are many additional benefits to the maintenance of such register?

  • Demonstrate the organisation level of compliance.
  • Cost reduction of data protection programmes.
  • Improved risk assessment as activities are put in context.
  • Improved staff training.
  • Improved data processing agreements.

We're hosting this course to train people working in the data protection arena build comprehensive registers of processing activities also known as "Corporate DPIAs" (Register of Processing Activities + Risk Assessments).

Our tutors Philipa Jane Farley and Claude Saulnier have mixed skills in business analysis, systems audits, legal and data protection. They have helped several organisations in preparing such registers.

Course outline

The course will take the example of a fictitious company called Limelight Limited employing 150 people. Philipa & Claude will show you how to prepare Limelight's register of processing activities.

  • Day 1: Finding the purpose & putting things in context (Business Analysis & Audit)
  • Day 2: Documenting the processing activities (Business Analysis & Legal)
  • Day 3: Gap analysis - Assessment (Legal)
  • Day 4: Technical & Organisational Measures (Governance)
  • Day 5: Reporting (Governance & Legal)

Bonus: The course fee includes a complimentary subscription to Bizoneo Professional Edition for the course duration as well as an additional 3 months complimentary subscription (worth €900) starting at the end of the course. At the end of complimentary period, there is no obligation to subscribe


Although the course will use Bizoneo as an example, the approach can be applied to any tool.

Depending on your organisation's needs, we can also provide tailored data protection trainings to assist your data protection programme.