Articles on: Privacy

Privacy Management

🔐 Privacy Dashboard 🔐

From processing activities to DPIAs — this is where privacy is ensured.


1️⃣ Page Overview

The Privacy menu of Brainframe centralizes GDPR and broader privacy compliance.

It provides structured modules to document, manage, and monitor all privacy-related requirements.


Features include:

  • Data Processing Activities
  • Agreements (DPA)
  • Data Processing Roles
  • DSAR (Data Subject Access Requests)
  • DPIA (Data Protection Impact Assessments)


Each submenu shares the same clean list layout with filters, search, and quick actions which we call the Table view.



2️⃣ Data Processing Activities


When you create a new DPA, you will be able to configure some properties on the documents


ese properties will make it much easier for you to sort, find, and manage your documents. The properties you configure will be reflected in the table view, and each of them will automatically add a filter that you can customize to easily find the relevant documents you are looking for. This same concept applies to ALL document types in Brainframe.




Once the properties have been configured, you can write the DPA contents. Brainframe provides a built-in template that you can use as a foundation.


Document all data processing operations carried out by your organization. Each activity can be linked to risks, non-conformities, and assets for full traceability.


Tracked fields include:

  • Processing activity name
  • Purpose of processing
  • Data categories (e.g., HR data, customer data)
  • Linked risks, assets, or incidents
  • Retention period
  • Legal basis (consent, contract, legitimate interest, etc.)


📌 This forms your GDPR Article 30 record of processing activities (ROPA).


3️⃣ Agreements (DPA)


Manage all Data Processing Agreements (DPAs) with suppliers, partners, and processors. Each agreement is stored as a document record, linked to the relevant supplier.


Details include:

  • Supplier name and contact
  • Agreement type
  • Linked processing activities
  • Linked risks or assets
  • Expiry/renewal dates


📌 Centralizing agreements makes audits and supplier reviews much easier.


4️⃣ Data Processing Roles


Document all roles in data processing, both internal and external. This clarifies responsibilities across the data lifecycle.


Examples of roles:

  • Data Controller
  • Data Processor
  • Joint Controller
  • Sub-Processor
  • Business Associate


📌 Assigning roles helps ensure accountability and GDPR compliance.


5️⃣ DSAR (Data Subject Access Requests)


The DSAR document facilitates the handling of requests from data subjects (e.g., right of access, deletion, rectification).


Key features:

  • Built-in Forms for receiving requests.
  • Manage requests inside Brainframe for processing and documentation.
  • Each request can be assigned, tracked, and closed within the system.


📌 This creates a transparent and auditable process for handling data subject rights.



6️⃣ DPIA (Data Protection Impact Assessments)


A dedicated space to conduct DPIAs whenever a high-risk data processing activity is planned.


Features include:

  • Predefined templates aligned with GDPR requirements.
  • Risk-based assessment of new projects or technologies.
  • Link DPIAs to processing activities, risks, and controls.
  • Store results and mitigation measures.


📌 Running DPIAs through Brainframe ensures consistent, audit-ready documentation.


7️⃣ Best Practices

  • 📝 Keep processing activities updated — especially when new systems or vendors are added.
  • 📂 Link DPAs directly to suppliers — improves traceability during audits.
  • 🧑‍🤝‍🧑 Define roles clearly — avoid accountability gaps.
  • 🔍 Perform DPIAs early — before launching new projects.


🎯 Visual Checklist

  • [x] Processing activities documented
  • [x] Supplier DPAs uploaded and linked
  • [ ] Roles assigned and reviewed
  • [ ] DSAR form embedded on website
  • [ ] DPIA completed for new project


Updated on: 03/09/2025

Was this article helpful?

Share your feedback

Cancel

Thank you!