PowerPoint presentation · 2019-12-03 · workgroup on pia and risk analysis gestiona eipd/pia...
AEPD TOOLS
https://www.aepd.es/herramientas/index.html
Andrés Calvo
Unit of technological studies and assessments
TOOLS REQUIRED
https://www.aepd.es/herramientas/index.html
RISK LEVELS
NEED ANALYSIS
NEEDED?
No
NO-NEED REPORT
PERSONAL DATA LIFE CYCLE ANALYSIS
Lawfulness, proportionality and need of data processing
PERSONAL DATA LIFE CYCLE ANALYSIS
Action Plan Conclusions
Risk management (1)
Risk Management (2)
Residual risk OK?
ART. 36 GDPR
CONTROL AUTHORITY
Action Plan Conclusions
No yes
FACILITA
PIA: HIGH RISK
RISK ANALYSIS
DATA PROCESSING
LOW RISK
(1) Basic measures
(2) Advanced measures
PROTECTION:
TOOLS REQUIRED
https://www.aepd.es/herramientas/index.html
FACILITA RGPD
• MICROENTERPRISES (9 or fewer employees).
• MOST COMMON DATA PROCESSING:
– LOW RISK TO THE RIGHTS AND FREEDOMS OF NATURAL PERSONS
– CUSTOMERS / SUPPLIERS
– PAYROLL MANAGEMENT, STAFF, HUMAN RESOURCES
– VIDEO SURVEILLANCE
• USEFUL FOR ANY LOW RISK PROCESSING
FACILITA INITIAL FOCUS
FACILITA RGPD
• IMPLEMENTATION OF SEVERAL SPANISH DATA PROTECTION AGENCY GUIDELINES:
– GUIDELINES FOR DATA CONTROLLERS
– GUIDELINES FOR THE DUTY TO INFORM
– GUIDELINES ON CONTRACT CLAUSES FOR PROCESSORS
FACILITA RGPD
• ASSIST THE CONTROLLERS IN THE ELABORATION OF:
– REGISTRY OF DATA PROCESSING ACTIVITIES
– INFORMATION CLAUSES FOR DATA SUBJECTS
– CONTRACTUAL CLAUSES FOR DATA PROCESSORS
– BASIC TECHNICAL AND ORGANIZATIONAL MEASURES
FACILITA RGPD
• OPERATING PHASES:
– DISCARD RISKY PROCESSING CASES
– COLLECT CONTROLLER INFORMATION
– COLLECT PROCESSING DETAILS
– GENERATE OUTPUT DOCUMENTS
FACILITA RGPD
DISCARD RISKY PROCESSING CASES
FACILITA RGPD
COLLECT CONTROLLER INFORMATION
FACILITA RGPD
COLLECT PROCESSING DETAILS
CUSTOMERS/CLIENTS DATA PROCESSING
FACILITA RGPD
COLLECT PROCESSING DETAILS
EMPLOYEES DATA PROCESSING, …
FACILITA RGPD
GENERATE OUTPUT DOCUMENT
FACILITA RGPD
• IMPORTANT NOTE: DISCLAIMER
– FACILITA_RGPD USAGE DOES NOT GUARANTEE GDPR COMPLIANCE; IT IS JUST AN AID
– THE SPANISH DATA PROTECTION AGENCY DOES NOT STORE ANY DATA COLLECTED; DATA IS DELETED AFTER OUTCOME DOCUMENTS ARE GENERATED
FACILITA RGPD
RISK LEVELS
NEED ANALYSIS
NEEDED?
No
NO-NEED REPORT
PERSONAL DATA LIFE CYCLE ANALYSIS
Lawfulness, necessity and proportionality of the processing
PERSONAL DATA LIFE CYCLE ANALYSIS
Action Plan Conclusions
Risk management (1)
Risk Management (2)
Residual risk OK?
ART. 36 GDPR
CONTROL AUTHORITY
Action Plan Conclusions
No yes
FACILITA
PIA: HIGH RISK
RISK ANALYSIS
DATA PROCESSING
LOW RISK
(1) Basic measures
(2) Advanced measures
PROTECTION:
TOOLS REQUIRED
https://www.aepd.es/herramientas/index.html
TOOLS REQUIRED
https://gestiona.aepd.es/
RISK ANALYSIS
GESTIONA EIPD/PIA
• OPERATING PHASES:
PERSONAL DATA LIFE CYCLE
– COLLECTING DATA
– STORING DATA
– USING DATA
– THIRD PARTIES DATA TRANSFERS
– DESTROYING DATA
RISK ANALYSIS
GESTIONA EIPD/PIA
• OPERATING PHASES:
RISK MANAGEMENT
– IDENTIFY
– EVALUATE
– MITIGATE
PIA
GESTIONA EIPD/PIA
• OPERATING PHASES:
NEED ANALYSIS
– AUTHORITIES LISTS
– SENSITIVE DATA
– PURPOSE OF DATA
– TECHNOLOGIES INVOLVED
– THIRD PARTIES DATA TRANSFERS
– RISK PERCEPTION
– LAWFULNESS
PIA
GESTIONA EIPD/PIA
• OPERATING PHASES:
PERSONAL DATA LIFE CYCLE
– COLLECTING DATA
– STORING DATA
– USING DATA
– THIRD PARTIES DATA TRANSFERS
– DESTROYING DATA
PIA
GESTIONA EIPD/PIA
• OPERATING PHASES:
LAWFULNESS ASPECTS
– CONSENT
– CONTRACTS
– LEGAL DUTY
– PUBLIC INTEREST
– LEGITIMATE INTEREST
PIA: RISK ANALYSIS
GESTIONA EIPD/PIA
• OPERATING PHASES:
RISK MANAGEMENT
– IDENTIFY
– EVALUATE
– MITIGATE
PIA: RISK ANALYSIS
GESTIONA EIPD/PIA
• OPERATING PHASES: OUTPUT
METHODOLOGY
- 29WG/EDPB GUIDELINES
- AEPD GUIDELINES
- ISO: 31000:2010, 31010:2010, 29134:2017
GESTIONA EIPD/PIA
NEXT STEPS:
GESTIONA EIPD/PIA
WORKGROUP ON PIA AND RISK ANALYSIS
GESTIONA EIPD/PIA
SPANISH PUBLIC ADMINISTRATION WORKGROUP ON PRELIMINARY IMPACT ASSESSMENTS AND RISK ANALYSIS:
• AEPD
• LABOUR MINISTRY
• INFORMATION TECHNOLOGY MANAGEMENT FOR THE SOCIAL SECURITY