Sites repository

When you create a new site it is added to the sites repository, where it is available for linking to the processing activities of your entity.

Table of contents

Overview

A site is any location involved in a data processing activity. It can be the place where the data is collected, where it is processed, the headquarters of the company processing the data, etc. Sites can therefore be offices, production sites, retail outlets, etc.

Adding a site to the repository allows you to:

  • easily link the site to processing activities

  • verify that the site has the appropriate security measures

  • store all site information in one easily accessible place

  • prepare for audits.

You can add sites to the repository via the processing creation screens. However, it’s simpler and more efficient to build a more or less complete repository first.

The Manage sites permission is required to perform the actions described in this article. To find out more, see Profiles & Permissions.

Article 30 compliance

To add a site to the site repository, the only field required is the name. However, to be Article 30-compliant, each site linked to a processing activity MUST have at least 1 INTERNAL OR 1 EXTERNAL SECURITY MEASURE.

 

How to add a site to the repository

There are two tabs to be completed when adding a site to the repository:

  • Information

  • Security measures

To add a site to the repository:

  1. In the sidebar, click Repositories Sites.

2. Click the Add a site button.

3. In the New site dialog box, enter the site name and click OK.

4. The site is added to the repository. It appears in the list of sites. Click the name to open it.

5. In the Information tab, complete the site address fields.

Once a site has been added to the repository, there is no Save button. All information entered is saved automatically.

 

6. To add the name and details of the person(s) in charge of the site, click the Add person button, enter their details and click Add.

7. Click the Security measures tab.

8. Click the Add value button(s). You can:

  • Select one or more standard internal and/or external security measures from the dropdown list.

  • Create a customized security measure: click the appropriate Add value field and enter a name.

  • Change the name of existing security measures: click the “pencil” icon.

For sites linked to a processing activity, at least 1 security measure is required to achieve GDPR Article 30 compliance. The security measure can be either internal or external. You can add multiple security measures but only 1 is required for Article 30 compliance.

 

How to manage sites

Sites can be renamed and deleted.

To manage a site:

  1. In the sidebar, click Repositories Sites.

  2. Click the name of the site to open it.

  3. To rename the site, click the “pencil” icon and enter the new name.

4. To delete the site, click the “More” button and select Delete site.