We are having a discussion in our company on what level a Processing activity should be at while implementing a SaaS for managing our RoPA. Some are arguing that we can look at the defined business processes to determine the level, e.g. recruitment is equal to one processing activity, while other argue that we must also define the different sub-tasks under the recruitment process and have each sub-task as their own processing activity in the RoPA.
At what level do you keep them in your company? And what are the pros/cons that you have based on your level of detail?