News, events, publications

EDA-DPR-045 - Consultation Forum for Sustainable Energy in the Defence and Security Sector (CFSEDSS) conferences within European Defence Energy Network (EDEN)

Records and compliance checklist

Under Article 31 of the new Regulation, EUIs have to keep records of their processing operations. This template covers two aspects:

1.Mandatory records under Article 31 of the new rules (recommendation: publicly available)
2.Compliance check and risk screening (internal).

The header and part 1 should be publicly available; part 2 is internal to the EUI. By way of example, column 3 contains a hypothetical record on badges and physical access control in a EUI.
Nr Item Explanation
Header - versioning and reference numbers (recommendation: publicly available)
1. Last update of this record 05-09-2022
2. Reference number EDA-DPR-045
part 1 - article 31 record (recommendation: publicly available)
3. Name and contact details of controller
European Defence Agency

Rue des Drapiers 17-23
B-1050 Brussels
4. Name and contact details of DPO

Head of the Legal Office, Legal Advisor / Data Protection Mr Pedro ROSA PLAZA

5. Name and contact details of joint controller (where applicable)
6. Name and contact details of processor (where applicable)
External contractors (e.g. the venue booking agency or conference venue, catering company) may be used to perform certain tasks for the controller. All contractors are contractually obliged to ensure data protection compliance when processing personal data on behalf of EDA.
7. Purpose of the processing
The data are collected to obtain all personal data of participants necessary for the preparation, delivery and follow-up of the Consultation Forum for Sustainable Energy in the Defence and Security Sector conferences, including creating participant lists and name badges, anonymised statistics, hotel registrations and managing dietary restrictions for the catering. Additionally, the data are stored to set up a database that helps to build the network of energy and environment focal points and experts in the defence sector in the framework of the European Defence Energy Network (EDEN) activities. These details are used to engage the individuals in future relevant events and projects.
8. Description of categories of persons whose data EDA processes and list of data categories

Any staff of EDA’s participating Member countries and if no objections received from pMS: NO, CH, RS, DK, and NATO HQ and NATO ENSEC COE, DEFNET, UN. Industry and academic partners also attend on an ad hoc basis. Data processed are the following:

  • Last name, First name, Email-address, Telephone number; Nationality;
  • Organisation/entity, place of organisation/entity, function (post);
  • Government delegation, invited guest speaker;
  • Photographs, audio or video recording or livestreaming in the context of a meeting; dietary restrictions if applicable; sharing of participants list (opt-in required for specific purposes in registration form)
9. Time limit for keeping the data
The contact details of participants are stored to set up an internal database kept for up to 1 year after the end of the project that will serve to engage individuals interested in future relevant events or projects. Data subjects can unsubscribe or request deletion anytime by contacting the and specifying their request at the following mailbox:
Data other than contact details will be retained for a maximum period of 1 year after the last conference/meeting of the series or after the database is no longer necessary for networking in the Consultation Forum for Sustainable Energy in the Defence and Security Sector as defined under the purposes for this processing operation.
Anonymised statistics may be kept beyond the retention period. This is to inform EDA on participant numbers and analyse the relative success of each of the events as well as for reporting purposes.
10. Recipients of the data

The internal recipients of the data are the EDA staff assigned to the project, the organisers of the meeting, the Media and Communication Unit, IT Unit and other Units involved in a specific project or conference. The personal data will not be communicated to third parties unless necessary for the purpose of processing. External data recipients may include:

  • EDA's contractors, who are contractually obliged to ensure data protection compliance when processing personal data on behalf of EDA.(e.g. the agency or hotel which is hosting the event),
  • Other meeting participants (opt-in required),
  • Others on a need-to-know basis (e.g. supervisory authorities, courts etc.).
11. Are there any transfers of personal data to third countries or international organisations? If so, to which ones and with which safeguards?
No transfers are envisaged. However, participation in meetings or conferences is in principle open to data subjects from third countries or international organisations which may have limited access to the personal information of other participants displayed in the context of meetings/conferences. Personal data collected from these data subjects will be kept separate, as far as possible.
In case of opt-in, the participants’ name and affiliation may be shared with other conference participants, including those from third countries and international organisations. The data shared on the basis of consent are: first name/surname, country, organisation, post, e-mail address and the working group choice.
12. General description of security measures, where possible.
Data will be processed in accordance with the high security standards established by EDA. Within the EDA network the data access is limited to the RTI Directorate staff, the IT and Media and Communications units. EDA external contractors are obliged by the respective contract to adopt appropriate technical and organisational security measures having regard to the risks inherent in the processing and to the nature of the personal data concerned.
EDA has implemented appropriate technical and organisational measures (firewalls, checkpoints, antivirus) to ensure a level of security appropriate to the risks represented by the processing and the nature of the personal data to be protected. Such measures have been taken in particular to prevent any unauthorised disclosure or access, accidental or unlawful destruction or accidental loss, or alteration and to prevent all others unlawful forms of processing.
13. For more information, including how to exercise your rights to access, rectification, object and data portability (where applicable), see the privacy statement
Additional information is available by following the link to privacy statement here.