Data Processing Activity Tracking¶

The Data Processing Activity Log (DPAL) provides a record of how personal data is processed within your organization, supporting GDPR Article 30 compliance requirements.

Overview¶

The Data Processing Activity Log tracks:

• Activity Records -- Timestamped logs of data processing operations
• Data Subject Association -- Links activities to specific data subjects via DID
• Processing Sources -- Identifies which integration or system triggered the activity
• Activity Types -- Categorizes processing (collection, update, deletion, etc.)
• Field Tracking -- Records which data fields were involved
• Preference Tracking -- Associates activities with consent preferences

Dashboard Interface¶

The DPAL interface is accessible from Data Mapping in the dashboard. It provides a tabular view of processing activities with filtering and sorting.

Table Columns¶

Time Range Filters¶

Filter activities by time period:

• Last 24 hours
• Last 30 days
• Last 6 months
• Last 12 months

Features¶

• Paginated activity table with time range filtering
• Activity type and processor display
• Data subject DID display with copy functionality
• Processor logo display for integrated services
• Sortable and filterable columns

Activity Types¶

Common processing activity types logged:

• Data collection (form submissions, webhook events)
• Profile updates
• Consent changes
• Rights request processing (access, deletion, portability)
• Data sharing with third parties
• Marketing communications
• Analytics processing

Activity Sources¶

Activities are logged from connected integrations:

How Activities Are Created¶

Processing activities are automatically created when:

1. Webhooks are received from integrated platforms (Shopify orders, Stripe payments, etc.)
2. Consent forms are submitted through the Transparency Center
3. Rights requests are processed (access, deletion, portability)
4. Data subject profiles are updated via the dashboard or API
5. Third-party processors sync data through configured integrations

Each activity record captures what happened, when it happened, who was affected, and which system was involved.

GDPR Article 30 Support¶

The processing activity data supports compliance by:

1. Maintaining Records -- Complete log of all processing activities
2. Data Subject Linkage -- Every activity tied to a specific data subject
3. Purpose Tracking -- Activity types indicate processing purposes
4. Source Identification -- Clear record of which systems process data
5. Temporal Tracking -- Timestamps for activity occurrence and recording

Limitations¶

The activity log does not provide:

• Visual data flow diagrams or interactive mapping interfaces
• Automated system discovery or integration scanning
• Real-time data flow monitoring
• Cross-border transfer risk assessment automation
• Data lineage visualization
• Automated Article 30 record generation

These capabilities may require manual documentation through other platform features such as processing purposes and data processor configurations.

Best Practices¶

Activity Monitoring¶

1. Regular Review -- Check activity logs regularly for unexpected patterns
2. Time-Based Analysis -- Use time range filters to identify processing trends
3. Source Validation -- Verify that all expected sources are logging activities
4. Data Subject Impact -- Monitor activity volume per data subject

Integration Configuration¶

1. Source Registration -- Ensure all platforms are connected as integrations
2. Field Mapping -- Verify platform-specific fields are mapped correctly
3. Preference Alignment -- Link activities to appropriate consent preferences
4. Webhook Testing -- Verify webhook events create activity records correctly

Related Documentation¶

• Processing Activities -- Processing purpose documentation
• Audit Logging -- System-level audit trails
• Consent Management -- Consent preference tracking
• Data Connectors -- Integration setup