In the Data Privacy Assistant you build the Article 30 GDPR record under Record of Processing Activities: you create one entry per activity, set its processing role, document data categories, lawful basis and retention, and link the assets involved. The Asset coverage tab shows where the record still has gaps. On save, the finished activities are taken into the records.
Open and prepare the record
Open the record of processing
Open the Data Privacy Assistant and select the Record of Processing Activities step. The page shows a status banner at the top (Published, Draft or new) and the collapsible Recommendations below it.
Collect the information
Expand the Recommendations. Step 1 contains an email template that you can copy with the button and send to every team involved. Transfer the returned details on purpose, data categories, recipients and retention into the form afterwards.
Capture a processing activity
Add a new activity
Stay on the Processing activities tab and click Add Processing Activity. For the very first entry use Add First Processing Activity. The New Processing Activity form opens.
Choose the processing role
At the top of the form choose the Processing Role: Controller, Joint Controller, Processor or Joint Processor. The choice controls which further fields appear, such as the joint controller organization or the principal.
Enter the basic information
Under Basic Information enter the Activity Name and a short description. Pick a Data Type, either from the presets or via Custom with your own name. A preset suggests purpose, recipients and retention, and every suggestion stays editable. State a short Purpose of Processing and use the person picker to set a Responsible Person for this Processing Activity.
Set the data categories
Under Categories of Data Subjects choose whose data is processed, such as customers, employees or prospects. Then tick every applicable category under Categories of Personal Data. Special categories under Art. 9 GDPR are flagged in yellow. Ticking one of them automatically raises the Privacy Classification to High and marks the activity as requiring a DPIA.
Add lawful basis, retention and assets
Choose the Lawful Basis for Processing and enter how long the data is kept under Retention Period. Under Associated Assets link the systems where the data resides. If the ISMS is active, you can additionally link the activity to a process from your ISMS.
Confirm the activity
At the bottom of the form click Confirm Data Processing Activity. The entry then appears in the list with its role, data type and risk badges. Use Cancel to discard the input. Repeat the steps for every further activity.
Check gaps and save
Review asset coverage
Switch to the Asset coverage tab. Cenedril shows two panels: Personal-data assets without a processing activity and Processing activities without associated assets. Use Create processing activity or Assign asset to jump straight to closing each gap.
Save the record
Click Save. Cenedril validates the entries, takes every complete or changed activity into the records, and moves you on to the Data transfers step. Save as Draft keeps the interim state without committing the activities to the records.
Result: the record of processing activities is documented under GDPR Article 30, each activity carries its role, data categories and retention, the asset coverage shows no open gaps, and the finished entries are stored in the records in an audit-proof form.