EDA-DPR-071 - B2B Platform
Records and compliance checklist
Under Article 31 of the new Regulation, EUIs have to keep records of their processing operations. This template covers two aspects:
1.Mandatory records under Article 31 of the new rules (recommendation: publicly available)
2.Compliance check and risk screening (internal).
The header and part 1 should be publicly available; part 2 is internal to the EUI. By way of example, column 3 contains a hypothetical record on badges and physical access control in a EUI.
Nr |
Item |
Explanation |
|
Header - versioning and reference numbers (recommendation: publicly available) |
|
1. |
Last update of this record |
05-09-2022 |
2. |
Reference number |
EDA-DPR-071 - B2B Platform |
|
part 1 - article 31 record (recommendation: publicly available) |
|
3. |
Name and contact details of controller |
European Defence Agency
Rue des Drapiers 17-23
B-1050 Brussels
Belgium
|
4. |
Name and contact details of DPO |
|
5. |
Name and contact details of joint controller (where applicable) |
N/A
|
6. |
Name and contact details of processor (where applicable) |
AWS
|
7. |
Purpose of the processing |
Registration of contact points of industries seeking to enter into partnerships in EU defence.
|
8. |
Description of categories of persons whose data EDA processes and list of data categories |
Contact points from defence industry : NAME/SURNAME/EMAIL
|
9. |
Time limit for keeping the data |
Personal data is kept for as long as the account is active. Once closed the personal data will be deleted.
|
10. |
Recipients of the data |
- EDA POs from ISP/ISE
- Registered users will only have access to the personal data of other registered users with which they partner
- EDA IT Administrator
|
11. |
Are there any transfers of personal data to third countries or international organisations? If so, to which ones and with which safeguards? |
NO
|
12. |
General description of security measures, where possible. |
EDA has implemented appropriate technical and organisational measures (firewalls, checkpoints, antivirus) to ensure a level of security appropriate to the risks represented by the processing and the nature of the personal data to be protected. Such measures have been taken in particular to prevent any unauthorised disclosure or access, accidental or unlawful destruction or accidental loss, or alteration and to prevent all others unlawful forms of processing.
|
13. |
For more information, including how to exercise your rights to access, rectification, object and data portability (where applicable), see the privacy statement |
Additional information is available by following the link to privacy statement here.
|