News, events, publications

EDA-DPR-008 - ESI-REACH,SoS and SoI Portals, Portals on EDA website

Records and compliance checklist

Under Article 31 of the new Regulation, EUIs have to keep records of their processing operations. This template covers two aspects:

1.Mandatory records under Article 31 of the new rules (recommendation: publicly available)
2.Compliance check and risk screening (internal).

The header and part 1 should be publicly available; part 2 is internal to the EUI. By way of example, column 3 contains a hypothetical record on badges and physical access control in a EUI.
Nr Item Explanation
Header - versioning and reference numbers (recommendation: publicly available)
1. Last update of this record 08-07-2022
2. Reference number EDA-DPR-008 - ESI-REACH, SoS and SoI Portals
part 1 - article 31 record (recommendation: publicly available)
3. Name and contact details of controller
European Defence Agency

Rue des Drapiers 17-23
B-1050 Brussels
4. Name and contact details of DPO

Head of the Legal Office, Legal Advisor / Data Protection Mr Pedro ROSA PLAZA

5. Name and contact details of joint controller (where applicable)
6. Name and contact details of processor (where applicable)
7. Purpose of the processing
Providing a one-stop-shop for interested parties to access information on specific issues on legislation and practices of pMS (national Portal page), including national points of contact, through one single source (the EDA Portal). Information is provided by pMS who send this information to EDA and request to post it on the public Portals/national page, on their behalf. Personal data reflects contact information of national PoCs to facilitate direct contacts to MS experts in case of additional questions.
8. Description of categories of persons whose data EDA processes and list of data categories
Data are processed from the following individuals or group of people: Points of Contact (PoC) nominated/identified by relevant organisations/Ministries for the respective topics (that each portal refers to) Data processed are the following: - PoC name, organisation, telephone number and e-mail address.
9. Time limit for keeping the data
Personal data are stored for as long as it is valid and substituted when so requested by pMS. Due to the nature of the business, staff at Ministry of Defence level are rotated and so when a responsibility is given to a different person, EDA is requested by e-mail by the respective Ministry of Defence to make the changes and substitutions. Periodically, EDA on its own initiative sends requests to Ministries of Defence to validate that their data in the Portal (respective national page) are still current, and to provide new PoC data, if there has been a recent change of responsibilities for the PoC position. Past data/files not valid anymore are deleted from hard drives. The public Portal is updated with the new information, after replacing/deleting the previous one.
10. Recipients of the data
Data are posted under the contact info part of the national pages located on the Portals, which themselves are publicly available to anyone following the link from the EDA website.
11. Are there any transfers of personal data to third countries or international organisations? If so, to which ones and with which safeguards?
12. General description of security measures, where possible.
For internal hard drive data, access limited only to the persons entrusted with the processing of personal data protected though EDA’s internal IT system.
13. For more information, including how to exercise your rights to access, rectification, object and data portability (where applicable), see the privacy statement
Additional information is available by following the link to privacy statement here.