XYZ Company

Inventory of Systems processing Personal Data

(replace this and all red entries below with your own entries)

Ref Name of Information/Communications System or Managed as PIC, PIP or

# Filing System both

PIC - if you are doing

processing as defined by
top management, PIP - if
you are doing processing
1 Name of the DPS (data processing system) as instructed by another
entity, Both - if you are
processing in both of the
above capacities
 Type (Manual/Paper, Purposes of DPS
Electronic, or both)

Manual/Paper - if all
processing is being done
manually, Electronic - if
all processing is done
electronically, Both - if A short description of the purpose(s) of the processing.
there is a mix of manual
and electronic
processing
 Fully-automated decision
Subcon/Outsource Transfer outside the Philippines making

Yes or No. Answer "Yes" if the

Yes or No. Answer "Yes" if the system makes decisions based
Yes or No. Answer "Yes" if any
system is subcontracted or on software algorithms. One
personal data is transferred or
outsourced. Later, the system example would be a payroll
transmitted outside the
will prompt you to enter the system that computes for take-
Philippies.
name/s of the PIPs. home pay without the need for
manual intervention.

Decision has significant effect
on the data subject
Yes or No. Answer "Yes" if the
system makes decisions that
significantly affect the data
subject, e.g. suspension of
privileges, or denial of a loan,
application, job promotion,
license, or permit.
|-------------->
The columns to the right of this are for internal tracking p
Description of Category of Data
PIPs
Subjects
Short description of the
Name of PIP, contact number, category (or categories) of data
subjects. For example, in the
and contact email (if more than Libreng Bakuna
one, the system will allow you categories are: program, the
to add more as needed).
"Parent/Guardian" and "Child
Beneficiaries".
ght of this are for internal tracking purposes only.

Categories of Recipients to who

the personal data might be Function or Business Unit or Department Process Owner
disclosed

Short description of the

category (or categories) of third
party recipients. For example, in The organizational unit that is reponsible The name of the process
the Libreng Bakuna program, for the operation of this DPS. owner.
the categories are: "LGU",
"DOH" and "Hospitals"
 PIA and
PDI and Controls Sign- Privacy Notice Privacy Contracts and Change
Recomm.
Process Flow off Policies DSAs Management
Controls

List of privacy
Last update Details of
sign-off - date, notices, List of related List of revised
date of PIA
Last update consent policies and contracts and Date of last
and schedule by whom,
date of PDI forms, etc. last update training
for next allocated DSAs
and last upate date
revision budget date
 Security
Breach Drill Audit
Incidents

List of security
Date of last incidents Date of last
breach drill related to this audit
DPS