EDA-DPR-001 - Processing of personal GSM details
Records and compliance checklist
Under Article 31 of the new Regulation, EUIs have to keep records of their processing operations. This template covers two aspects:
1.Mandatory records under Article 31 of the new rules (recommendation: publicly available)
2.Compliance check and risk screening (internal).
The header and part 1 should be publicly available; part 2 is internal to the EUI. By way of example, column 3 contains a hypothetical record on badges and physical access control in a EUI.
Nr |
Item |
Explanation |
|
Header - versioning and reference numbers (recommendation: publicly available) |
|
1. |
Last update of this record |
08-07-2022 |
2. |
Reference number |
EDA-DPR-001 - Processing of personal GSM details |
|
part 1 - article 31 record (recommendation: publicly available) |
|
3. |
Name and contact details of controller |
European Defence Agency
Rue des Drapiers 17-23
B-1050 Brussels
Belgium
|
4. |
Name and contact details of DPO |
|
5. |
Name and contact details of joint controller (where applicable) |
N/A
|
6. |
Name and contact details of processor (where applicable) |
N/A
|
7. |
Purpose of the processing |
Collection and processing of GSM details for CAP Directorate personnel, for contact in relation to work related issues while they are out of the office during working hours.
|
8. |
Description of categories of persons whose data EDA processes and list of data categories |
Data are processed from the following data subjects: CAP Directorate personnel Data processed are the following: GSM numbers of private or work phones (depending on which is held by the staff member)
|
9. |
Time limit for keeping the data |
Personal data is retained until the staff member leaves the EDA, until they delete the data themselves or until they instruct that the personal data should be deleted.
|
10. |
Recipients of the data |
The data is available to all CAP Directorate personnel only. Personal data will not be shared with non-CAP personnel without permission from the staff member concerned.
|
11. |
Are there any transfers of personal data to third countries or international organisations? If so, to which ones and with which safeguards? |
N/A
|
12. |
General description of security measures, where possible. |
Only CAP Directorate staff has access to the Excel list containing the GSM details.
|
13. |
For more information, including how to exercise your rights to access, rectification, object and data portability (where applicable), see the privacy statement |
Additional information is available by following the link to privacy statement here.
|