Due to the provisions of the GDPR, every company is obliged to document its processing activities accordingly.
This applies to all activities, regardless of whether the processing is carried out technologically or through a regular manual process.
The purpose of the documentation is for the company to become aware of its processing activities, for the data protection officer to have an overview of the processing activities (and to be able to derive further measures from this) and also for a supervisory authority to be able to obtain an overview of the processing activities if necessary.