lumen.privacy · Records of processing
Your register — guided, not improvised
Art. 30 GDPR requires a complete register of processing activities. lumen.privacy guides you through it with a 10-step wizard — including templates, an approval process and PDF export for authorities and audits.
Capture
Ten steps, every mandatory field
The wizard structures capture along the Art. 30 requirements: basics, purposes, legal bases, data subjects, data categories, recipients, third-country transfers, retention periods, TOMs and a summary. For a faster start, begin from a template.
- 10-step wizard along the legal mandatory fields
- Templates for typical processing activities
- Special data categories flagged with an Art. 9 badge
- Search and status filter across all activities
Approval & evidence
Activate under control, export at a click
Every activity passes a role-based approval process: submit, approve or reject — approvals are reserved for admin and DPO roles. The full register is generated as an Art. 30-compliant PDF across all active activities.
- Status lifecycle: draft → pending approval → active → in review → archived
- Approve and reject only for admin and DPO roles
- Per-activity PDF plus full register PDF
- Server-enforced status transitions — no shortcuts
Processors (Art. 28)
DPAs in view — right at the recipient
Vendors are managed with contact, status, risk level and contract date — including the DPA as a PDF. Inside an activity, a badge on the recipient shows whether the data processing agreement is signed or still open.
- Processors with risk level and contract date
- DPA PDF stored right at the vendor
- “DPA signed” / “DPA open” badge per recipient
- Linked to the processing activities in the register
Early access
Your register, audit-ready
In a demo we show how existing processing activities look in lumen.privacy — from the wizard to the full register PDF.