News, events, publications

EDA-DPR-062 - EU SatCom Market

Records and compliance checklist

Under Article 31 of the new Regulation, EUIs have to keep records of their processing operations. This template covers two aspects:

1.Mandatory records under Article 31 of the new rules (recommendation: publicly available)
2.Compliance check and risk screening (internal).

The header and part 1 should be publicly available; part 2 is internal to the EUI. By way of example, column 3 contains a hypothetical record on badges and physical access control in a EUI.
Nr Item Explanation
Header - versioning and reference numbers (recommendation: publicly available)
1. Last update of this record 05-09-2022
2. Reference number EDA-DPR-062 - EU SatCom Market
part 1 - article 31 record (recommendation: publicly available)
3. Name and contact details of controller
European Defence Agency

Rue des Drapiers 17-23
B-1050 Brussels
4. Name and contact details of DPO

Head of the Legal Office, Legal Advisor / Data Protection Mr Pedro ROSA PLAZA

5. Name and contact details of joint controller (where applicable)
6. Name and contact details of processor (where applicable)
7. Purpose of the processing
To ensure communication between all parties involved in the project there is a need for EDA to collect personal data so it can be shared among all parties as described below. The main objective of the EU SatCom Market project is to efficiently and cost effectively provide Contributing Members with an option to commercially source Satellite Communications (SatCom) as well as wider Communication and Information Systems (CIS) services through the European Defence Agency (EDA). A Joint Procurement Arrangement Management Group (JPAMG) is set up comprising representatives from the Contributing Members and EDA which supports decision making for the project. In addition, and to manage the project, contracted services providers and supporting EU bodies also form part of the needed support to manage the project and interested member states and EU Bodies who have not joined yet to support a further expansion of the project.
8. Description of categories of persons whose data EDA processes and list of data categories
Data are collected from the following individuals: contributing members points of contacts and their deputies, representatives of other member states or EU bodies points of contacts who have showed and interest to join the project, contracted services providers points of contact, EDA project management, Data processed are the following for each individual: Rank; Name and Surname; email address; phone number; Function (nationality and employer).
9. Time limit for keeping the data
Personal data will be kept as long as needed to serve the purpose for which they have been collected or until the data subject indicates that he/she wants the data to be removed. In any case, the personal data collected, and the database will be deleted at the closure of the Project.
10. Recipients of the data

Internal recipients:

  • EDA ISE Directorate/Operations, Exercise and Training Unit staff members;
  • IT and Security Units staff members; other EDA Operational Units staff members that may be involved in the project.

External recipients:

  • contributing members; contracted services providers, supporting EU bodies and representatives of participating Member States that may join the project.
11. Are there any transfers of personal data to third countries or international organisations? If so, to which ones and with which safeguards?
12. General description of security measures, where possible.
Data will be processed in accordance with the high security standards established by EDA. Personal data within EDA network are restricted so that only EDA staff can access. Data are stored on the EDA IT infrastructure in a dedicated folder/database, with unlimited access to Controller, Programme Manager and Head of Unit. A replica of this database will be mirrored to a folder on the EDA Collaboration Platform which is EDA web-based collaboration system, only accessible to participating members, contracted service providers and members states/EU bodies who have shown an interest to join.
13. For more information, including how to exercise your rights to access, rectification, object and data portability (where applicable), see the privacy statement
Additional information is available by following the link to privacy statement here.