presentación de powerpoint · 2019-12-03 · workgroup on pia and risk analysis gestiona eipd/pia...

AEPD TOOLS

https://www.aepd.es/herramientas/index.html

Andrés Calvo

Unit of technological studies and assessments


Haga clic para modificar el estilo de título del patrón TOOLS REQUIRED



Haga clic para modificar el estilo de título del patrón

RISK LEVELS

NEED ANALYSIS

NEEDED?

No

NO-NEED REPORT

PERSONAL DATA LIFE CYCLE ANALYSIS

lawfullness, proportionality and need of data processing


Action Plan Conclusions

Risk management (1)

Risk Management (2)

Residual risk OK?

ART. 36 GDPR

CONTROL AUTHORITY


No yes

FACILITA

PIA: HIGH RISK

RISK ANALYSIS

DATA PROCESSING

LOW RISK

(1) Basic measures

(2) Advances measures

PROTECTION:

FACILITA RGPD

• MICROENTERPRISES (9 or less employees).

• MOST COMMON DATA PROCESSING: – LOW RISK TO THE RIGHTS AND FREEDOMS OF NATURAL

PERSONS – CUSTOMERS / SUPPLIERS – PAYROLL MANAGEMENT, STAFF, HUMAN RESOURCES – VIDEO SURVEILLANCE

• USEFUL FOR ANY LOW RISK PROCESSING

FACILITA INITIAL FOCUS

FACILITA RGPD

• IMPLEMENTATION OF SEVERAL SPANISH DATA PROTECTION AGENCY GUIDELINES:

– GUIDELINES FOR DATA CONTROLLERS

– GUIDELINES FOR THE DUTY TO INFORM

– GUIDELINES ON CONTRACT CLAUSES FOR PROCESSORS

FACILITA RGPD

• ASSIST THE CONTROLLERS IN THE ELABORATION OF:

– REGISTRY OF DATA PROCESSING ACTIVITIES

– INFORMATION CLAUSES FOR DATA SUBJECTS

– CONTRACTUAL CLAUSES FOR DATA PROCESSORS

– BASIC TECHNICAL AND ORGANIZATIONAL MEASURES

FACILITA RGPD

DISCARD RISKY PROCESSING

CASES

COLLECT CONTROLLER

INFORMATION

COLLECT PROCESSING

DETAILS

GENERATE OUTCPUT

DOCUMENTS

• OPERATING PHASES:

FACILITA RGPD

DISCARD RISKY PROCESSING

CASES

FACILITA RGPD

COLLECT CONTROLLER

INFORMATION

FACILITA RGPD

COLLECT PROCESSING

DETAILS

CUSTOMERS/CLIENTS DATA PROCESSING

FACILITA RGPD

COLLECT PROCESSING

DETAILS

EMPLOYEES DATA PROCESSING, …

FACILITA RGPD

GENERATE OUTPUT

DOCUMENT

FACILITA RGPD

• IMPORTANT NOTE: DISCLAIMER

– FACILITA_RGPD USAGE DOES NOT GURANTEE GDPR COMPLIANCE, IT IS JUST AN AID

– SPANISH DATA PROTECTION AGENCY DOES NOT STORE ANY DATA COLLECTED, DATA IS DELETED AFTER OUTCOME DOCUMENTS ARE GENERATED

FACILITA RGPD

https://www.servicios.agpd.es/Facilita

https://www.servicios.agpd.es/Facilita

FACILITA RGPD


RISK LEVELS

NEED ANALYSIS

NEEDED?

No

NO-NEED REPORT


Legitimación, necesidad y proporcionalidad del tratamiento



Risk management (1)

Risk Management (2)

Residual risk OK?

ART. 36 GDPR

CONTROL AUTHORITY


No yes

FACILITA

EIPD: HIGH RISK

RISK ANALYSIS

DATA PROCESSING

LOW RISK

(1) Basic measures

(2) Advances measures

PROTECTION:


https://gestiona.aepd.es/

https://gestiona.aepd.es/


RISK ANALYSIS

GESTIONA EIPD/PIA


RISK ANALYSIS

GESTIONA EIPD/PIA

PERSONAL DATA LIFE CYCLE

COLLECTING DATA

STORING DATA

USING DATA THIRD

PARTIES DATA TRANSFERS

DESTROYNG DATA



RISK ANALYSIS

GESTIONA EIPD/PIA

RISK MANAGEMENT

IDENTIFICATE EVALUATE MITIGATE



PIA

GESTIONA EIPD/PIA


PIA

GESTIONA EIPD/PIA

NEED ANALYSIS

AUTHORITIES LISTS SENSIBLE DATA

PURPOSE OF DATA

TECHNOLOGIES INVOLVED

THIRD PARTIES DATA TRANSFERS

RISK PERCEPTION LAWFULNESS



PIA

GESTIONA EIPD/PIA

PERSONAL DATA LIFE CYCLE

COLLECTING DATA

STORING DATA

USING DATA THIRD

PARTIES DATA TRANSFERS

DESTROYNG DATA



PIA

GESTIONA EIPD/PIA

LAWFULNESS ASPECTS

CONSENT CONTRACTS LEGAL DUTY PUBLIC INTEREST

LEGITIMATE INTEREST



PIA: RISK ANALYSIS

GESTIONA EIPD/PIA

RISK MANAGEMENT

IDENTIFY EVALUATE MITIGATE



PIA: RISK ANALYSIS

GESTIONA EIPD/PIA

• OPERATING PHASES: OUTPUT


METHODOLOGY

- 29WG/EDPB GUIDELINES - AEPD GUIDELINES - ISO: 31000:2010, 31010:2010, 29134:2017

GESTIONA EIPD/PIA


NEXT STEPS:

GESTIONA EIPD/PIA


WORKGROUP ON PIA AND RISK ANALYSIS

GESTIONA EIPD/PIA

SPANISH PUBLIC ADMINISTRATION WORKGROUP ON PRELIMINARY IMPACT ASSESSMENTS AND RISK

ANALYSIS:

• AEPD

• LABOUR MINISTRY

• INFORMATION TECHNOLOGY MANAGEMENT FOR THE SOCIAL SECURITY

presentación de powerpoint · 2019-12-03 · workgroup on pia and risk analysis gestiona eipd/pia...

Documents