News, events, publications

EDA-DPR-024 - Termination of employment

Records and compliance checklist

Under Article 31 of the new Regulation, EUIs have to keep records of their processing operations. This template covers two aspects:

1.Mandatory records under Article 31 of the new rules (recommendation: publicly available)
2.Compliance check and risk screening (internal).

The header and part 1 should be publicly available; part 2 is internal to the EUI. By way of example, column 3 contains a hypothetical record on badges and physical access control in a EUI.
Nr Item Explanation
Header - versioning and reference numbers (recommendation: publicly available)
1. Last update of this record 02-09-2022
2. Reference number EDA-DPR-024 - Termination of employment
part 1 - article 31 record (recommendation: publicly available)
3. Name and contact details of controller
European Defence Agency

Rue des Drapiers 17-23
B-1050 Brussels
4. Name and contact details of DPO

Head of the Legal Office, Legal Advisor / Data Protection Mr Pedro ROSA PLAZA

5. Name and contact details of joint controller (where applicable)
6. Name and contact details of processor (where applicable)
7. Purpose of the processing
Data is processed to meet the rights and duties of EDA staff pursuant to the Staff Regulations and SNE Rules in the context of the termination of their employment at EDA.
8. Description of categories of persons whose data EDA processes and list of data categories

EDA staff terminating employment: including Temporary Agents (TA), Contract Agents (CA) and Seconded National Experts (SNE). Application of the data subject before his/her departure – a person ending his/her employment with EDA; Temporary Agent, Contract Agent and SNE and who shall provide a completed, signed and documented Departure Checklist. The relevant Departure Checklist shall provide the following information and any related further information:

  • Information on the leaving staff member/data subject’s :
  • Identification data regarding the leaving staff member/data subject, notably : name, personnel number, type of contract, date end of contract, reason for leaving EDA: end of contract or resignation;
  • Information requested by EDA HR unit from the leaving staff member/data subject’s to be returned to the HR unit : - Handover checklist; - severance/pension forms; - unemployment forms; - signed Confidentiality, Agreement/staff exit declaration; - signed application form for authorisation to engage in an occupational activity after leaving the EDA; - special ID card; - business cards; - leave balance; - new contact details after departure; - removal request form (back to place of recruitment/origin); - resettlement allowance form; - travel expenses on termination of service form. 
  • Information requested by EDA Corporate Services Directorate:
  • Finance Unit: retuned credit card and pending missions;
  • IT Unit: returned material (Sec ID, USB, GSM, Laptop);
  • Security Unit: returned EDA security badge;
  • Infrastructure Unit: returned signed asset management form.
9. Time limit for keeping the data
The retention policy with regard to the EDA Personal file applies: as part of the EDA Personal file, documents are kept for 5 years after the termination of employment at EDA, subject to settlement of pending rights such as pension payments, unemployment.
10. Recipients of the data

The Chief Executive, the Deputy Chief Executive, the Corporate Services Director, the Head of Human Resources Unit; The Human Resources Unit: as referred to in the end-of-employment Checklist; - Heads of Unit referred to in the end-of-employment Checklist: IT unit, Finance unit, Infrastructure and Security unit. - The Head of Unit of the exiting staff member and the Director under whom the Unit resorts; - The EDA Internal Auditor; - Institutions or bodies having a legitimate purpose of audit, of the exercise of supervisory tasks or in charge of judicial proceedings: the College of Auditors, the EU Ombudsman, OLAF, the EU Courts and any competent National Court.

11. Are there any transfers of personal data to third countries or international organisations? If so, to which ones and with which safeguards?
12. General description of security measures, where possible.
Having regard to the state of the art and the cost of their implementation, the controller has implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risks represented by the processing and the nature of the personal data to be protected (restricted access, logs, others). Such measures have been taken in particular to prevent any unauthorized disclosure or access, accidental or unlawful destruction or accidental loss, or alteration and to prevent all others unlawful forms of processing.
13. For more information, including how to exercise your rights to access, rectification, object and data portability (where applicable), see the privacy statement
Additional information is available by following the link to privacy statement here.