What is DI (Data Inventory) and how to maintain records of processing activities?

We often hear the term DI, so what exactly does DI mean?

DI is short for Data Inventory, which is a customary usage for records of processing activities.

In Article 30 of the GDPR ("Records of processing activities"), it is described like this:

Each controller and, where applicable, the controller's representative, shall maintain a record of processing activities under its responsibility.

Each processor and, where applicable, the processor's representative shall maintain a record of all categories of processing activities carried out on behalf of a controller.

Therefore, whether we are a data controller or a data processor, we need to maintain a record of processing activities, which we usually call Data Inventory (DI).

Then, how to maintain the data inventories?

Usually, if the number of businesses is very small, we can manually maintain a table and keep updating it. But if the business is complex, we usually need to use an IT system to facilitate management.

JANUSEC Privacy is such an IT system, which provides all functional modules of privacy compliance governance, including records of processing activities, PIA, DPIA, etc.

JANUSEC provides the GIACR governance approach, with DI in the second management function (Inventory).