Monitor processors¶

After onboarding processors, ongoing monitoring ensures they remain compliant with your data processing requirements. Dxtra provides tools to review processor profiles, track processing activity, and verify that DPAs, certifications, and data handling practices stay current.

Review processor details¶

Go to Processors in the left sidebar and find the processor in the Manage Processors table. Click Details to open the processor details panel.

The details panel shows the full compliance profile for the processor:

Contractual information:

• Data Processing Agreement — A link to the processor's DPA (e.g. stripe.com/legal/dpa). Verify that a signed DPA is in place and covers the data categories you share with this processor.
• Legal Basis — The legal basis for processing (e.g. contractual necessity, legitimate interest, consent).

Security posture:

• Certifications — Security certifications the processor holds, such as ISO 27001, SOC 2, and PCI DSS. Track expiry dates and verify renewals.
• Incident Response Plan — The processor's documented breach response procedures. GDPR requires processors to notify you of breaches without undue delay.

Data handling:

• Categories of Personal Data Processed — Which types of personal data the processor handles on your behalf.
• Processing Purposes — The specific purposes for which the processor uses the data.
• Data Processing Locations — Countries and regions where data is processed (e.g. EU, UK, USA). This is critical for assessing international transfer risks.
• Deletion Policy — How the processor handles data deletion when requested or when the contract ends.
• Retention Policy — How long the processor retains data and under what conditions.

Monitor processing activity¶

Once a processor is onboarded and Interconnected, Dxtra records data processing activities in the Data Processing Activity Log. Navigate to Data Processing Activity Log in the left sidebar to view the full audit trail.

The activity log shows:

• Activity — What happened (e.g. "Customer Updated", "Customer Created")
• Data Processor — Which processor performed the activity, shown with the processor's logo
• Identifiers — Color-coded badges showing which personal data identifiers were involved (Email Address, Shipping Address, Full Name, Phone Number, etc.)
• Data Subject DID — The decentralized identifier of the affected data subject
• Timestamp — When the activity occurred

Filter the log by Activity Type, Processors, or Date using the tabs above the table. Set the Time Range to focus on specific periods (e.g. "Last 24 Hours").

Track processor status¶

In the Manage Processors table, each processor shows a status badge:

• Interconnected — The processor is fully connected and active. API credentials are valid and data synchronization is working.

If a processor's status changes (e.g. due to expired API credentials), update the connection by clicking Manage on the processor row and re-entering valid credentials.

Compliance review checklist¶

Use this checklist when reviewing processors, whether for routine oversight or audit preparation:

1. DPA in place — Confirm a signed Data Processing Agreement exists and is linked in the processor details
2. Certifications current — Verify that security certifications (ISO 27001, SOC 2, PCI DSS) have not expired
3. Processing purposes aligned — Check that the processing purposes listed match what you have actually authorized
4. Data categories accurate — Confirm the categories of personal data processed reflect current data sharing
5. Processing locations reviewed — Verify data processing locations and assess whether international transfer safeguards are needed (see transfer impact assessments)
6. Deletion and retention policies — Confirm the processor's data lifecycle practices meet your retention requirements
7. Incident response documented — Verify the processor has a breach notification procedure that meets your contractual and regulatory requirements

Sub processor oversight¶

Sub processors appear in the Sub Processors table on the Processors page. GDPR requires processors to notify you before adding or changing sub processors, and your DPA should give you the right to object.

Review sub processor details using the same Details panel as data processors. Pay particular attention to:

• Whether the sub processor has adequate security certifications
• Where the sub processor processes data (international transfer risk)
• Whether the sub processor's DPA terms are compatible with your own

When to review processors¶

Review your processor registry:

• Quarterly — Routine review of all active processors
• After a breach — Review the involved processor's security posture and incident response
• When certifications expire — Follow up with the processor to confirm renewal
• Before audits — Ensure all processor details are current and DPAs are in place
• When adding new data categories — Update the processor's profile to reflect new data sharing
• When regulations change — Assess whether existing processor arrangements comply with new requirements

Related¶

• Processor management overview — The Processors page and its sections
• Add a data processor — Onboard a new processor
• Vendor risk assessments — Formal assessment of processor security posture
• Transfer impact assessments — Assess international data transfer risks
• Processing activity logs — Full audit trail of processing activities
• Breach & incident management — Report breaches involving processors