Record of Processing Activities

For each N8N workflow, the following should be documented by default:

• Which personal data is processed?
• For what purpose is the processing carried out?
• Where does the data originate (source systems)?
• Where is the data transferred (target systems)?
• What data protection measures have been implemented?
• Who is responsible for the workflow?

Audit Logging

• Functionality in N8N Enterprise:

  • User-based actions (creation, modification, deletion)
  • Execution logging with timestamps
  • Tracking of access to sensitive workflows

• Audit-Proof Retention:

  • Export of audit logs to SIEM systems
  • Long-term archiving according to legal requirements
  • Immutability through cryptographic methods

Systematic logging of all activities is not only a legal requirement but also an important tool for error analysis and continuous improvement.