1 / 14

Training Course on Data Protection

Training Course on Data Protection. March 9th, 2005 Notification to the Data Protection Officer (DPO) and Access to the Register. Nico Hilbert Assistant to the Data Protection Officer xxxx.xxxxxxx@xxx.xx.xxx. Objective of the presentation. General principles for the Register

bowen
Télécharger la présentation

Training Course on Data Protection

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Training Course on Data Protection March 9th, 2005 Notification to the Data Protection Officer (DPO) and Access to the Register Nico Hilbert Assistant to the Data Protection Officer xxxx.xxxxxxx@xxx.xx.xxx Data Protection Office

  2. Objective of the presentation • General principles for the Register • General principles for Notifications • Principles for Commission specific aspects on Notifications - The Actors • Why is the Notification system Online? • Objective of the IS NDPO&R Data Protection Office

  3. Principles for the Register (1) • What is the “Register” of the DPO : • The collection of all “Notifications” send to the DPO by “Controllers”; • Why is a “Register” needed? • To conform to Regulation 45/2001as defined in article 26 - Register : • “A register of processing operations notified in accordance with Article 25 shall be kept by each Data Protection Officer”; • “The registers may be inspected by any person”; Data Protection Office

  4. Principles for the Register (2) • What is the contents of the “Register”? • Article 26 says: “The register shall contain at least the information referred to in Article 25(2)(a) to (g)”; (a) the name and address of the controller; (b) the purpose of the processing; (c) a description of the categories of data subjects and of the data or categories of data relating to them; (d) the legal basis of the processing; (e) the recipients or categories of recipient disclosed; (f) a general indication of the time limits for blocking and erasure of the different categories of data; (g) proposed transfers of data to third countries or international organisations. Data Protection Office

  5. Principles for Notifications (1) • What is a “Notification” and who is responsible for it? • Prior notice of the “Controller” to the DPO of any processing operation (manual & electronic) in which personal data is involved; • When is a “Notification” needed? • If personal data is processed; • Why is a “Notification” needed? • To conform to Regulation 45/2001 : Data Protection Office

  6. Principles for Notifications (2) • as defined in article 25 - Notification to the Data Protection Officer; • as defined in articles 24.1(e) - Data Protection Officer + 27 - Prior checking • What is the contents of a “Notification”? • Same information as requested by article 26 (Article 25(2)(a) to (g)”) + paragraph (h) of article 25; • Article 25 (h) a general description allowing a preliminary assessment to be made of the appropriateness of the measures taken pursuant to Article 22 to ensure security of processing. Data Protection Office

  7. Principles for Commission specific aspects on Notifications (1) • Actors (Players) in the context of a “Notification” : • European Data Protection Supervisor (EDPS): DPO submits to EDPS Notification for Prior checking; • Data Protection Officer (DPO): receives the Notification in the Register and gives prior-advice on it; • Controller: is responsible for the Notification; Data Protection Office

  8. Principles for Commission specific aspects on Notifications (2) • Delegated Controller: A Delegated Controller may be designated by the Controller to prepare under his/her responsibility the notification to the DPO and to assure all the related co-ordination with the Data Protection Coordinator and others concerned with data protection inside or outside the respective Directorate General. • Data protection Co-ordinator (DPC): gives advice and helps the Controller and Delegated Controller; • Processor(s): process(es) personal data on behalf of the Controller; Data Protection Office

  9. Principles for Commission specific aspects on Notifications (3) • Project leader/Developer/IRM/HU DC: help to fill-in Notification concerning specific aspects related to their implication in the definition resp. execution/operation of the processing. Data Protection Office

  10. Interaction between Main Players European Data Protection Supervisor (EDPS) DG Data ProtectionCoordinator Controller Data Protection Officer (DPO) Controller Register Controller Controller Any body Data Subjects Data Protection Office

  11. The Online Information System NDPO&R • Implements Regulation 45/2001 • Browser based (Internet Explorer) • Online Notification System and Access to the Register which translate articles 25+26+ • Writes notifications into the DPO’s “Register” - translates article 26 • Has a built-in workflow system (see actors) Data Protection Office

  12. Why is the Notification system Online? • To avoid any interaction of the DPO with the content of the final Notification • To avoid that the DPO is involved in the process of writing notifications in the Register • To give an integrated help (legal and question based) • To have all legal references needed available online • To interact electronically between actors in preparing notifications • To keep independent electronic track of prior advice by DPO and EDPS for legal reasons • To have integrated access of Data Subjects Data Protection Office

  13. Objective of the IS NDPO&R • To implement (parts of) Regulation 45/2001 • mainly articles 25 and 26 • The prior Notification of Controllers to the DPO of all processing operations performed upon personal data by the institution • The creation of the Register of the DPO • The public access to the Register as requested by article 26 Data Protection Office

  14. Notification to the Data Protection Officer (DPO) • Since October 2003 the DPO has also made available on his web site on IntraComm a Simplified Notification System for small adhoc “processing of personal data” • this new system is compatible with the standard online Notification System • Any Questions? • Thank you for your attention! Data Protection Office

More Related