How do I correctly set up a processing activity in OneTrust?
OneTrust is only valuable if processing activities are documented completely, consistently, and in a process-oriented manner. Procedure: 1. Define scope and process description and clarify demarcation from similar processing activities. 2. Clearly justify purpose, legal basis, and legitimate interest, if relevant. 3. Fully record categories of data subjects, data categories, recipients, and third-country references. 4. Document retention periods, TOM measures, and roles such as controller and processor. 5. Establish a review process and designate responsible persons to ensure continuous maintenance. This makes the directory consistent, auditable, and comprehensible for specialist departments.