Your Register of Treatment Activities (R.A.T.) is not just a formality, it is essential, without it, the sanction becomes real and you may face problems.

All companies that process data on a regular basis must have their RAT (Register of Processing Activities) drawn up, which is an essential document in which all personal data processing activities carried out by the data processing company must be detailed, complying with both art. 31 of the Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights, as well as art. 30 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (GDPR).

Do you know what information the ARP should contain?

Key aspects of the personal data being processed must be recorded in the ARP.

Do you know what a data category is; which ones to record and how to qualify them?  

If such data is shared with other third parties, such as service providers, it must be classified, as well as the security measures and the retention period.

The ARP is the first of the documents that demonstrates the commitment that the standard requires regarding compliance with the protection of personal data of your customers, employees and suppliers, thus strengthening trust in the company and improving your reputation.

It is imperative to comply with data protection legislation and avoid penalties, while demonstrating your commitment to the security of your customers' and employees' personal data.

Did you know that not having an ARP when required is a serious violation?

At TOURISM & LAW we put ourselves at your disposal with the elaboration of the Register of Processing Activities, as well as all the internal documentation that a company must have implemented for regulatory compliance.