News, events, publications

EDA-DPR-064 - Telephone Cascade

Records and compliance checklist

Under Article 31 of the new Regulation, EUIs have to keep records of their processing operations. This template covers two aspects:

1.Mandatory records under Article 31 of the new rules (recommendation: publicly available)
2.Compliance check and risk screening (internal).

The header and part 1 should be publicly available; part 2 is internal to the EUI. By way of example, column 3 contains a hypothetical record on badges and physical access control in a EUI.
Nr Item Explanation
Header - versioning and reference numbers (recommendation: publicly available)
1. Last update of this record 05-09-2022
2. Reference number EDA-DPR-064 - Telephone Cascade
part 1 - article 31 record (recommendation: publicly available)
3. Name and contact details of controller
European Defence Agency

Rue des Drapiers 17-23
B-1050 Brussels
4. Name and contact details of DPO

Head of the Legal Office, Legal Advisor / Data Protection Mr Pedro ROSA PLAZA

5. Name and contact details of joint controller (where applicable)
6. Name and contact details of processor (where applicable)
7. Purpose of the processing
To rapidly reach EDA staff members, SNEs, trainees and interim staff – referred to as “EDA personnel” (including outside working hours) in case of an emergency or crisis. The telephone cascade is an essential communication system to effectively implement the Agency’s Business Continuity Plan (published on EDA Portal)
8. Description of categories of persons whose data EDA processes and list of data categories
The data processed under this operation include mobile telephone numbers of EDA personnel. No sensitive data in the meaning of Article 10, Regulation 2018/1725 are processed.
9. Time limit for keeping the data
Personal data is retained until the EDA personnel member leaves the Agency, or until requests that the personal data should be deleted.
10. Recipients of the data

The access to all personal data as well as all information collected in the context of the telephone cascade procedure is granted to a defined number of users. These users typically are:

  • CSD Director;
  • HR unit
  • Security and Infrastructure unit;
  • Person performing a role in the Agency’s Business Continuity Plan (e.g. Crisis Management Team
  • "CMT").

Mobile numbers will not be transferred or transmitted to other users outside of the Agency.

11. Are there any transfers of personal data to third countries or international organisations? If so, to which ones and with which safeguards?
12. General description of security measures, where possible.
Data will be processed in accordance with the high security standards established by EDA as regards the security of IT tools. Mobile telephone numbers are registered in the HR database which is IT-based and accessible only to authorised staff.
13. For more information, including how to exercise your rights to access, rectification, object and data portability (where applicable), see the privacy statement
Additional information is available by following the link to privacy statement here.