GDPR data types and purposes configuration

Note that this document assumes you are familiar with GDPR concepts and nomenclature.

Configuring the GDPR data types and purposes

Before the end users/customers can start using your GDPR platform, you must configure the data types, purposes and consents for your organisation.

You do this by editing a GDPR Excel setup template file. Download this template to you computer and edit it to reflect your needs. After it has been edited you can upload the result to the GDPR platform to configure it.

The spreadsheet contains two sheets; “Purpose” and “Data type”.

The purpose sheet

The purpose sheet contains information about your business activities and the legal grounds of why you are collecting this information. The data you enter here is used by the “Data types” sheet. The data in this sheet are information about the GDPR “purpose” and is visible to the user as a navigational “tab” in the GDPR data access portal user interface and, if the purpose is a consent type of purpose, as something the user can potentially opt in or out of.

The purpose sheet is divided into two sets of columns; “Processing activity” and “Legal grounds”. These sets are further divided into columns:

Purpose sheet

Processing activity




The ID of the purpose - it is automatically computed from the other columns. Do not edit it manually.


A short description of which high level business proccess/group the purpose belongs to, for example “Marketing” or “Employment”.


A short name describing the the purpose at a more detailed level than BusinessProces, for example if the BusinessProcess is “Employment”, it can be “Salary” or “Payroll”. It is used as a property heading/label in the end-user interface.


A longer description describing the purpose in more detail. It should be long enough that the end user can understand the purpose. For example “Handling salary information for employees” or “To survey employee satisfaction”.


With which third party organisations or entities is information gathered for this purpose shared (leave blank if the data is not shared).

The data type sheet

The data type sheet contains all the types of data your organisation stores about GDPR subjects. It is linked to one or more of the purposes you have defined in the purposes sheet.

Data type sheet

The sheet is divided into two parts; the leftmost columns are properties for the data type, the rightmost part is a matrix where you enter a “x” value for each purpose the data type is governed by. These latter columns are automatically generated from the purposes you set up in the “purposes” sheet.

The data type properties




The ID of the data type - it is automatically computed from the other columns. Do not edit it manually. Note that the maximum length of this field is 32 characters. If the computed contents is larger than 32 characters, please limit the size of the “Type” and/or “System” field to stay within the 32 character limit.


A short description what type of data this is (for example “Customer” or “Employee”). Note that the combination of “Type” and “System” must be less than 32 characters (including whitespace).


A short name of the system where the data is residing (for example “CRM” or “ActiveDirectory”). Note that the combination of “Type” and “System” must be less than 32 characters (including whitespace).


A longer description of the type of data to make it easier for the data subject to understand what the data is


The “level” of the data - it can be either “Personal” or “Related”, i.e. directly about the data subject or indirectly (for example data about the customer such as address or orders for the customer, respectively)


An comma separated list of email-addresses for who should get notified when a GDPR data access request or change request is received by the GDPR platform. The should be no whitespace before or after the comma, if the contents contain a comma-separated list of email addresses.


All columns to the right hand side is automatically generated from the “purposes” sheet. It creates a matrix where putting in an “x” value for a specific purpose for a specific data type indicates that this data type is covered by that purpose. You can put a mark in more than one purpose column.

Updating GDPR data types and purposes

When the spreadsheet is filled out, you can upload it to the GDPR platform by navigating to the “GDPR” section on the right hand side of the management studio GUI. Here you can upload the setup excel file in the Data type template section.

If the spreadsheet file is made availble at a shared URL you can configure the GDPR portal to upload it at regular intervals.

After uploading the file, the platform data structures will be updated with this information and the data access portal user interface will reflect the purposes and data types defined in the spreadsheet (note that this process can take a few minutes after upload).

In the management studio for the GDPR platform datahub you can inspect the current configuration by navigating to the gdpr-data-type and gdpr-purpose datasets.