SAP Logo LeanIX is now part of SAP

"DSGVO/GDPR-Verarbeitungsverzeichnis" in LeanIX

  • 18 July 2023
  • 4 replies


I was wondering, if any of you has thought about modeling your company’s “DSGVO-Verarbeitungsverzeichnis” in LeanIX. One possibility might be a dedicated fact sheet with relationships to an application and several data objects.

looking forward to your feedback


4 replies

Hi Robert, 
yes, we are currently doing that - although not with a dedicated factsheet but with a set of attributes on the application factsheet. I have to admit, that we are mainly a B2B company and do not face a huge amount of GDPR related inquiries, nevertheless we found a pragmatic way to support our data privacy and HR colleagues in creating the necessary lists and overviews.
Feel free to reach out to me, if you like to discuss this further.
Best regards,

Userlevel 6
Badge +2

Hi @Robert Geisler, we had this topic in the last LeanIX customer community meeting when we discussed several ways how to integrate your RoPA / Record of Processing Activities / Verfahrensverzeichnis with LeanIX. Also, there was a presentation by McKesson at the LeanIX conference in 2017, as well as a decidated LeanIX Customer Community presentation by Endress+Hauser in 2018.

If you like, I can send you the material, and also add you to the invitation list for the upcoming Customer Community presentations. Feel free to get in touch via direct message.

Userlevel 4

Hi @Robert Geisler ,

in collaboration with our Lawer we developed a custom Factsheet:

We defined the subscription roles Data Manger (accountable), Data Protection Officer (responsible) and European Data Protection Officer (responsible). We found that’s too complex to the End users to assign Processes or Data Objects. They just create it as a Process/UseCase and link it to an Application they fulfil this UseCase. On Application side we have Data Objects linked and can so identify the concrete Data Object(s) related. Perhaps this approach may inspire you.
Best regards,


Userlevel 2
Badge +1



Yes we are doing it too, and modelled it with a new fact sheet type. On the Compliance Fact Sheet type we are modelling the datasubject and the datacategory as parent - child relationship:

For example:


Internal Employee / sensitive Data

Internal Employee / base Data

Internal Employee / webdata