News, events, publications

EDA-DPR-001 - Processing of personal GSM details

Records and compliance checklist

Under Article 31 of the new Regulation, EUIs have to keep records of their processing operations. This template covers two aspects:

1.Mandatory records under Article 31 of the new rules (recommendation: publicly available)
2.Compliance check and risk screening (internal).

The header and part 1 should be publicly available; part 2 is internal to the EUI. By way of example, column 3 contains a hypothetical record on badges and physical access control in a EUI.
Nr Item Explanation
Header - versioning and reference numbers (recommendation: publicly available)
1. Last update of this record 08-07-2022
2. Reference number EDA-DPR-001 - Processing of personal GSM details
part 1 - article 31 record (recommendation: publicly available)
3. Name and contact details of controller
European Defence Agency

Rue des Drapiers 17-23
B-1050 Brussels
4. Name and contact details of DPO

Head of the Legal Office, Legal Advisor / Data Protection Mr Pedro ROSA PLAZA

5. Name and contact details of joint controller (where applicable)
6. Name and contact details of processor (where applicable)
7. Purpose of the processing
Collection and processing of GSM details for CAP Directorate personnel, for contact in relation to work related issues while they are out of the office during working hours.
8. Description of categories of persons whose data EDA processes and list of data categories
Data are processed from the following data subjects: CAP Directorate personnel Data processed are the following: GSM numbers of private or work phones (depending on which is held by the staff member)
9. Time limit for keeping the data
Personal data is retained until the staff member leaves the EDA, until they delete the data themselves or until they instruct that the personal data should be deleted.
10. Recipients of the data
The data is available to all CAP Directorate personnel only. Personal data will not be shared with non-CAP personnel without permission from the staff member concerned.
11. Are there any transfers of personal data to third countries or international organisations? If so, to which ones and with which safeguards?
12. General description of security measures, where possible.
Only CAP Directorate staff has access to the Excel list containing the GSM details.
13. For more information, including how to exercise your rights to access, rectification, object and data portability (where applicable), see the privacy statement
Additional information is available by following the link to privacy statement here.