Data protection by design Sample Clauses

Data protection by design. A central plank of the upcoming GDPR is data protection by design and by default. This will fall under the remit of a data protection officer who ensures that “requirements related to data protection by design, data protection by default and data security and to the information of data subjects and their requests in exercising their rights under this Regulation; (d) to ensure that the documentation referred to in Article 28 is maintained” (See GDPR section 4). Given the complexity and importance of these central conceptsit will be prudent to enact awareness raising on a HBP-wide basis, so that the data protection officer (once appointed) can expect meaningful engagement with these ideas. This is a topic that has arisen in the light of the DGWG’s data policy manual and so coordination with that strand of HBP work will be valuable.
View Source
Data protection by design. The main legal source for data protection is of course the GDPR10. There are other provisions11, though, which need to be taken into account for a deep Data Protection Impact Assessment (DPIA). Work Package 2 of the Me-CODEX II project has worked out such a DPIA for e-CODEX and came to the final conclusion of a positive validation result. This document therefore does not intend to repeat the DPIA but focusses on the justification, why data protection is applied to e-CODEX data not only as an added feature but by the design of the concept. It has been pointed out above an in previous documents, that e-CODEX provides an infrastructure for communication (mainly between judicial authorities). For judicial use cases it is clear, that data is transferred, on which data protection regulations are applicable. The GDPR foresees that personal data can be transferred (i.e., processed) if it is based on one of the listed justifications. Further, personal data needs to be avoided where it is not necessary. Finally, if personal data is processed, appropriate measures need to be installed, to reduce the risk of a privacy breach with due dilligence. e- CODEX applies such measures – again – not as extra features, but as an integral part of its design: • As pointed out in the chapter 2Security by Design” encryption is applied on several layers. The Gateway-to-Gateway communication is done via an encrypted channel and additionally, the Connector-to-Connector communication is encrypted, as well, to add even further security. Messages are signed to proof their authenticity. • Additional encryption and authentication levels can be applied per e-CODEX use case. • Participation in e-CODEX use cases is only possible for mutually acknowledged and authorised partners. • For the transmission of data, the data needs to be processed. For this processing the data is stored temporarily. Then, after the processing, the data is automatically deleted. No personal data is stored permanently whatsoever. • The temporary storage is done on the local instances of the e-CODEX Access Points. By design, there is no central data storage in place, as e-CODEX is a mere decentralised, peer- to-peer communication network without any central authority in between. The high level of various data protection measures of e-CODEX is good starting point for privacy- compliant judicial communication. Still, the final responsibility lies with the operators of national e- CODEX participants and needs to take add...
View Source

Related to Data protection by design

  • Data Protection All personal data contained in the agreement shall be processed in accordance with Regulation (EC) No 45/2001 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by the EU institutions and bodies and on the free movement of such data. Such data shall be processed solely in connection with the implementation and follow-up of the agreement by the sending institution, the National Agency and the European Commission, without prejudice to the possibility of passing the data to the bodies responsible for inspection and audit in accordance with EU legislation (Court of Auditors or European Antifraud Office (▇▇▇▇)). The participant may, on written request, gain access to his personal data and correct any information that is inaccurate or incomplete. He/she should address any questions regarding the processing of his/her personal data to the sending institution and/or the National Agency. The participant may lodge a complaint against the processing of his personal data with the [national supervising body for data protection] with regard to the use of these data by the sending institution, the National Agency, or to the European Data Protection Supervisor with regard to the use of the data by the European Commission.

  • Cybersecurity; Data Protection To the Company’s knowledge, the Company and its subsidiaries’ information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are adequate for, and operate and perform in all material respects as required in connection with the operation of the business of the Company and its subsidiaries as currently conducted, free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants. The Company and its subsidiaries have implemented and maintained commercially reasonable controls, policies, procedures, and safeguards to maintain and protect their material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (collectively, the “Personal Data”)) used in connection with their businesses, and there have been no breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same, except in each case as would not reasonably be expected to have a Material Adverse Effect. The Company and its subsidiaries are presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification.

  • DATA PROTECTION AND PRIVACY 14.1 In addition to Supplier’s obligations under Sections 6, 9, 10, and 15, Supplier will comply with this Section 14 when processing Accenture Personal Data. "Accenture Personal Data" means personal data owned, licensed, or otherwise controlled or processed by Accenture including personal data processed by Accenture on behalf of its clients. “Accenture Data” means all information, data and intellectual property of Accenture or its clients or other suppliers, collected, stored, hosted, processed, received and/or generated by Supplier in connection with providing the Deliverables to Accenture, including Accenture Personal Data.

  • Privacy and Data Protection 8.1 The Receiving Party undertakes to comply with South Africa’s general privacy protection in terms Section 14 of the ▇▇▇▇ of Rights in connection with this Bid and shall procure that its personnel shall observe the provisions of such Act [as applicable] or any amendments and re-enactments thereof and any regulations made pursuant thereto. 8.2 The Receiving Party warrants that it and its Agents have the appropriate technical and organisational measures in place against unauthorised or unlawful processing of data relating to the Bid and against accidental loss or destruction of, or damage to such data held or processed by them.

  • Freedom of Information and Protection of Privacy Act Any information provided on this contract may be subject to release under the Freedom of Information and Protection of Privacy Act. The Contractor may be consulted prior to release of any information.