  • 8/11/2019 EU Data Directive Workprogram.doc


EU Data Directive Work Program

I. European Union Data Directive Overview
II. Privacy Awareness
III. European Union Data Directive Work Program
    A. Data Quality
        Data Collection
        Data Handling
    B. Rights of Data Subject
        Right of Information
        Right of Access
        Right to Object
        Rights with Regard to Automated Individual Decisions
    C. Security of Processing
        Confidentiality
        Implemented Safeguards
        Third-Party Processing
    D. Notification
        Supervisory Authority
        Personal Data Protection Official
    E. Transfer of Data to Third Countries
        Third Country Review
IV. Country-Specific Requirements
    A. United Kingdom Requirements
    B. India Requirements

Project Team (list members):

Project Timing                 Date        Comments
    Planning
    Fieldwork
    Report Issuance (Local)
    Report Issuance (Worldwide)

Page 1    Source: http://www.knowledgeleader.com


I. European Union Data Directive - Overview

This section is intended to provide an overview of the European Union Data Directive (EUDD) requirements as they relate to privacy and security of personal data. This overview begins by describing the overall objective of the EUDD and proceeds to give background information surrounding the key points and clauses governing the protection of the data.

The complete legal text of the EUDD can be found here: http://www.cdt.org/privacy/eudirective/EU_Directive_.html

Glossary of Terms

Personal Data. Any information relating to an identified or identifiable person. The data fields comprising personal data are not explicitly stated in the EUDD, but include an individual's first name or first initial and last name; Social Security Number (or other national identifier); driver's license or state identification number; and account number or credit card number.

Data Subject. A person who can be identified, directly or indirectly, by personal data.

Processing. Any operation or set of operations that is performed upon personal data.

Controller. The person, public authority, agency, or other body which alone or jointly with others determines the purposes and means of the processing of personal data.

Processor. The person, public authority, agency, or any other body that processes personal data on behalf of the controller.

Supervisory Authority. Public authority appointed by the Member State to be responsible for monitoring the application of the EUDD within the State.

Third Country. Any country that is outside of the European Union.

Objective and Scope

The goal of the EUDD is to ensure that Member States protect the fundamental rights and freedoms of all people, in particular their right to privacy with respect to the processing of data. Additionally, the EUDD is designed to ensure the unrestricted free flow of information between member states thanks to the protection of the data provided by the requirements of the EUDD. The EUDD applies to the processing of all data, either by automatic or manual means. Exceptions to these requirements occur when the activity falls outside the scope of Community law (Titles V and VI of the Treaty on European Union), the data is processed as part of a personal or household activity, or the data is related to public security, defense, State security, and criminal law.

Principles Relating to Data Quality

Member states must ensure that personal data is processed fairly and lawfully; collected for explicitly specified legitimate purposes and not further processed; adequate to meet the needs of the processing; and not excessive in the amount of data collected. The data must also be accurate and kept up-to-date, as well as kept in a manner that permits the identification of individual subjects for no longer than is necessary for the processing of the data. Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, or health or sex life is prohibited from being processed.

Rights of Data Subject

Data subjects must be provided with the identity of the controller of the data; the purposes of the data processing; the recipients or categories of recipients of the data; whether replies to questions are obligatory or voluntary; and the existence of the right to access and rectify data concerning the subject. Data subjects also have the right to object on compelling legitimate grounds to the processing of personal data, unless otherwise provided by national legislation. If there is a justified objection, the data may no longer be used.

Security of Processing

Appropriate technical and organizational measures must be implemented to protect personal data against accidental or unlawful destruction, loss, or alteration and unauthorized disclosure or access. These measures should provide a level of security appropriate to the risks represented by the nature of the data being processed. If data processing is done by a third party, the originating party must have a contract or legal act that requires that the processor acts only on instructions from the originating party, and meets the protection obligations mentioned above.

Notification

An organization intending to process data must inform the State's legal supervisory authority before the processing is begun, unless the type of data being processed is unlikely to adversely affect the rights and freedoms of the data subjects, or there is a personal data protection official appointed within the organization. This personal data protection official is responsible for ensuring in an independent manner that the internal application of the data processing is in accordance with the EUDD, and is also responsible for keeping a register of the data processing operations carried out. Upon receipt of the notification of data processing, the supervisory authority will review the processing operation to identify specific risks related to the data processing and will examine those operations prior to their start.

Transfer of Data to Third Countries

The Member State shall review the third country to see if the laws in that country ensure an adequate level of protection for the personal data. Particular consideration is given to the nature of the data, the purpose and duration of the processing, and the rules of law in the third country.


II. Privacy Awareness

The survey questions below should be sent to the auditee prior to commencing fieldwork. Responses to these questions will provide the audit team with an overview of the auditee's high-level privacy knowledge and awareness.

Data Privacy Awareness Questions                                   Response (Yes / No / Not Sure)    Comments

1. Are you familiar with your company's internal privacy policy?
2. Are you familiar with the European Union Data Directive?
3. Do you know if there is a local internal privacy representative? If so, please provide the appropriate name.
4. What information do you collect that is considered personal data?    N/A


III. European Union Data Directive - Work Program

    A. Data Quality

Columns: EUDD Requirement | Audit Test | Preliminary Information Requests | Audit Results

    Data Collection

1. EUDD Requirement: Data is collected for explicitly specified legitimate purposes and not further processed.

   Audit Test:
     a. Obtain and review notification materials given to a sample set of data subjects prior to data collection.
     b. Confirm that the sample set of data subjects are explicitly informed of the processing to be performed on their data.
     c. Compare the information disclosed in the notification materials with the actual data processing operations completed on the sample data set. Ensure that the processing operations match the disclosed information.

   Preliminary Information Requests:
     a. Notification materials provided to the sample set of data subjects explaining the type of processing to take place.
     b. Notification materials provided to a sample set of data subjects explaining the type of processing to take place.
     c. Register of data processing operations that occurred with regard to the sample data set.

   Audit Results:

2. EUDD Requirement: Personal data may be processed only if it meets at least one of the following requirements:
     - The data subject has given consent;
     - Processing is necessary for the performance of a contract or prior to entering into a contract for the data subject;
     - Processing is necessary for compliance with a legal obligation of the controller;
     - Processing is necessary in order to protect the vital interests of the data subject;
     - Processing is necessary

   Audit Test: Obtain and review a sample set of data, along with supporting documentation, and identify which of the six requirements for legitimate data have been met.

   Preliminary Information Requests: Supporting documentation for the sample set of data showing which of the six requirements the data meets.

   Audit Results:
