News, events, publications

EDA-DPR-055 - Governmental Satellite Communication (GOVSATCOM) - Pooling and Sharing Demonstration Project

Records and compliance checklist

Under Article 31 of the new Regulation, EUIs have to keep records of their processing operations. This template covers two aspects:

1.Mandatory records under Article 31 of the new rules (recommendation: publicly available)
2.Compliance check and risk screening (internal).

The header and part 1 should be publicly available; part 2 is internal to the EUI. By way of example, column 3 contains a hypothetical record on badges and physical access control in a EUI.
Nr Item Explanation
Header - versioning and reference numbers (recommendation: publicly available)
1. Last update of this record 05-09-2022
2. Reference number EDA-DPR-055 - Governmental Satellite Communication (GOVSATCOM)
part 1 - article 31 record (recommendation: publicly available)
3. Name and contact details of controller
European Defence Agency

Rue des Drapiers 17-23
B-1050 Brussels
4. Name and contact details of DPO

Head of the Legal Office, Legal Advisor / Data Protection Mr Pedro ROSA PLAZA

5. Name and contact details of joint controller (where applicable)
6. Name and contact details of processor (where applicable)
7. Purpose of the processing
The main objective of GSC Demo project is to meet the GOVSATCOM demands of cM,s and European CSDP actors trough a pooled capability (bandwidth/power and/or services) that has been provided by cM,s capabilities. In this regard, the Project facilitates provision of excess capability to a pool that would be available for use by other interested contributing Member States, and therefore mitigate their shortfalls. A project Arrangement Management Group (PAMG) will be set up comprising representatives from the cMs as the decision making body, in oder to govern and manage the GSC Demo Project. Subsequently, EDA will set up GSC Demo Project Office (GDPO) responsible for the effective coordination and daily activities of the GSC Demo Project. To that end, the communication between the parties (PAMG, GDPO and MS) needs to be enabled and their personal data collected by EDA, shared among other parties to the project and potentially with governmental bodies and governmental controlled Service Providers.
8. Description of categories of persons whose data EDA processes and list of data categories

Data are collected from the following individuals or group of people:

  • representative of cMs to the project;
  • representatives of other countries which have signed Administrative Arrangements with EDA and contribute to the Project;
  • representatives of cM's Service Providers and End Users;
  • representatives of participating Member States to EDA, State, Union's institutions or bodies, Organisation or other entity that are not cMs but are invited by the PAMG to observe the activities under the Project Arrangement.

Data processed are the following:

  • Name and Surname;
  • Function and (if representing a private company/Service provider) employer;
  • E-mail address;
  • Address;
  • Telephone number.
9. Time limit for keeping the data
Personal data are stored as long as they are valid and substituted when so requested by contributing Member representatives. Due to the nature of the business, EDA will periodically request cMs representatives to confirm that their personal data are still valid and to provide new PoC data representatives if changed. Personal data will be kept as long as needed to serve the purpose for which they have been collected or until the data subject indicates that he/she wants the data to be removed. In any case, the personal data collected, and the database will be deleted at the closure of the Project.
10. Recipients of the data

Internal recipients:

EDA CAP Directorate/Information Superiority Unit staff member;

  • IT and Security Units staff members;
  • other EDA Operational Units staff members that may be involved in the project.

External recipients:

  • Representatives of cMs;
  • Representatives of participating Member States that may join the project.
11. Are there any transfers of personal data to third countries or international organisations? If so, to which ones and with which safeguards?
12. General description of security measures, where possible.
Data will be processed in accordance with the high security standards established by EDA. Personal data within EDA network are restricted so that only EDA staff can access. Data are stored on the EDA IT infrastructure in a dedicated folder/database, with unlimited access to Controller, Programme Manager and Head of Unit. A replica of this database will be mirrored to a folder on the EDA Collaboration Platform which is EDA web-based collaboration system, only accessible to those cMs participating in the project.
13. For more information, including how to exercise your rights to access, rectification, object and data portability (where applicable), see the privacy statement

Additional information is available by following the link to privacy statement here.