Defining processing activities in the VVT simply explained

When you start to create the record of processing activities (RPA; in German, Verzeichnis von Verarbeitungstätigkeiten, abbreviated VVT), the question of "how" arises for most people with the very first task: defining the processing activities. In this article, we explain in simple terms what a processing activity is and how you can find out which processing activities exist in your company.

What is a processing activity and why do I have to document these activities?

A processing activity is a self-contained, one-off or recurring activity in which personal data is processed manually or automatically. The GDPR requires a company to know in which processes personal data is processed. This information and the associated details are the basis for the information obligations (privacy policy) towards the data subject. Where you process personal data on behalf of another company as part of a service, these processing activities are also part of the data processing agreement.

How do I create a list of processing activities?

To start with, the processes in which personal data is processed must be defined. The best way to do this is to go through your business processes and your value chain and create a VVT entry for each self-contained area where personal data is processed.

Important: a very common mistake is to use tool names as VVT entries, e.g. "Outlook Mails" or "Customer data in Excel". Avoid such "tool-centered" names and use names such as "Customer communication" or "Customer data management" instead. The tools are then recorded as one component within the VVT entry.

Another tip: if you offer services (e.g. employee coaching), this service offer would be a separate VVT entry. If the service varies greatly from customer to customer, it makes sense to create a separate VVT entry for each customer (e.g. "Individual employee coaching customer X").

As an alternative or a supplement to working from the business processes and the value chain as described above, you can also identify relevant processing activities via the data flow. In doing so, you trace the "path" of the data through the company: where is data collected from customers and employees, where is it needed (processed) and stored, and when is it no longer needed? Using this overview, you can divide the data flow into self-contained processing steps, each of which becomes an entry in the VVT, and at the same time you already have content for those entries. Here is an example using an online store, where the numbered headings represent the VVT entries:

1. Customer registration

  • Data collection: Customers register in the online store and enter their name, address, e-mail address and, if applicable, telephone number.
  • Processing: The data is used to create a customer account and for order processing, shipping and invoicing.
  • Storage: Customer data is stored in the online store's customer database.
  • Forwarding: To shipping service providers to deliver the order and, if necessary, to payment service providers to process the payment.
  • Deletion: Customers can have their account deleted, which removes their data from the database.

2. Order process

  • Data collection: When an order is placed, the article, quantity, delivery address and payment information are recorded.
  • Processing: The data is used for order processing, invoicing and shipping.
  • Storage: Order data is stored in the online store's order database.
  • Forwarding: To shipping service providers to deliver the order and, if necessary, to payment service providers to process the payment.
  • Deletion: Order data will be deleted after expiry of the statutory retention periods.

3. Payment processing

  • Data collection: Credit card information or other payment data is collected during payment.
  • Processing: The data is used for payment processing.
  • Storage: Payment data is not stored by the online store itself, but is processed directly by the payment service provider.
  • Forwarding: To the payment service provider for processing the payment.
  • Deletion: Payment data will be deleted after the payment has been processed.

4. Website use

  • Data collection: When a user visits the website, data such as IP address, browser type, operating system and pages visited are collected.
  • Processing: The data is used to analyze user behavior, to improve the website and for personalized advertising.
  • Storage: The data is stored in log files and possibly in cookies on the user's device.
  • Forwarding: To web analysis service providers and possibly to advertising partners.
  • Deletion: Log files are automatically deleted after a certain time; cookies can be deleted by the user.

5. E-mail marketing

  • Data collection: Customers can register for the newsletter and provide their e-mail address.
  • Processing: The e-mail address is used to send newsletters and promotional offers.
  • Storage: The e-mail address is stored in the newsletter database.
  • Forwarding: To e-mail marketing service providers.
  • Deletion: Customers can unsubscribe from the newsletter at any time, which will remove their e-mail address from the database.

If you have employees, you can proceed in a similar way. This typically yields processing activities such as the application process, employee onboarding, personnel administration, payroll accounting, etc.

Conclusion

Defining processing activities in a record of processing activities can be more difficult than you think. With the right systematic approach, many mistakes can be avoided and a high-quality record can be created, which later provides great added value when generating data protection guidelines or data processing agreements.
