News, events, publications

EDA-DPR-054 - Access to documents

Records and compliance checklist

Under Article 31 of the new Regulation, EUIs have to keep records of their processing operations. This template covers two aspects:

1.Mandatory records under Article 31 of the new rules (recommendation: publicly available)
2.Compliance check and risk screening (internal).

The header and part 1 should be publicly available; part 2 is internal to the EUI. By way of example, column 3 contains a hypothetical record on badges and physical access control in a EUI.
Nr Item Explanation
Header - versioning and reference numbers (recommendation: publicly available)
1. Last update of this record 05-09-2022
2. Reference number EDA-DPR-054 - Access to documents
part 1 - article 31 record (recommendation: publicly available)
3. Name and contact details of controller
European Defence Agency

Rue des Drapiers 17-23
B-1050 Brussels
4. Name and contact details of DPO

Head of the Legal Office, Legal Advisor / Data Protection Mr Pedro ROSA PLAZA

5. Name and contact details of joint controller (where applicable)
6. Name and contact details of processor (where applicable)
7. Purpose of the processing
It is recognised that public access to documents is an essential component of the policy of transparency implemented by the European institutions, bodies and agencies. The personal data of the applicants are used only to manage their requests for access to documents under Regulation 1049/2001.
8. Description of categories of persons whose data EDA processes and list of data categories
Data are processed from the applicants, meaning any citizen of the Union and any natural person residing in the Union. Data processed are the following: name, surname, e-mail address, postal address. No sensitive data in the meaning of Article 10, Regulation 2018/1725 are processed.
9. Time limit for keeping the data
Data will be retained only for the time needed to perform the task for which they were collected or processed, which in any case should not be longer than 2 years.
10. Recipients of the data
The data will be disclosed to: - Media and Communications Unit staff; - Directors of Directorates, staff members dealing with the preparation of response, Legal Advisor, Deputy Chief Executive, Chief Executive.
11. Are there any transfers of personal data to third countries or international organisations? If so, to which ones and with which safeguards?
12. General description of security measures, where possible.
Data will be processed in accordance with the high security standards established by EDA. Within the EDA network the data access is limited to MCU staff and IT Administrators.
13. For more information, including how to exercise your rights to access, rectification, object and data portability (where applicable), see the privacy statement
Additional information is available by following the link to privacy statement here.