Stakeholders
Identify the key parties involved in data processing.
Add Users to a Processing
Dastra allows you to attach users to a processing.
Note that these are not stakeholders but users (individuals who have an account on the Dastra platform).
User accounts must be created at least one hour before they can be added as stakeholders.
The roles thus defined will allow for efficient management and implementation of your processing in Dastra.
Here is a way to define user roles for your data processing activities:
Accountable: This is the user in Dastra who is responsible for validating that the processing and associated elements as indicated in Dastra are valid according to the organization's expectations. This person may be different from the data controller's signatory. For example, it could be a service manager, a DPO, or a DPO relay.
Responsible: This is the user who is responsible for carrying out the necessary actions on the processing and describing it. This could involve implementing data security measures, managing access, or any other task required to ensure the compliance of the processing. This could be a project manager or a dedicated business manager.
Informed: This category includes users who need to be kept informed of the progress and status of the processing without having an active role in its validation or implementation. This may include members of the management team, project managers, or other stakeholders who have an interest in the processing.
Add a processing implementation manager
You can indicate the stakeholders involved in implementing the processing. This can be a service or department of a company (such as the human resources department) or, for a project, a dedicated person (such as the project manager).
You also indicate the identity of the representative of the controller and, if applicable, of the joint controller(s).
Add a joint controller (co-controller)
To add a joint controller, add a new stakeholder and select "Joint controller".
You will be prompted to add a stakeholder as a joint controller.
Add a Person in Charge of Implementing the Processing
The person in charge of implementing the processing is the service that is operationally responsible for it. This is generally the service that uses the data and carries out the processing activity.
This can be either a service or an individual.
In Dastra, you will need to add an actor.
Add a Representative of the Data Controller
The representative of the data controller corresponds to the operational representative of the data controller (DC). For example, this could be a member of the executive committee or a municipal councilor (with the DC being represented by the mayor).
Add an Operational Data Controller (ODC)
The Operational Data Controller (ODC) is a concept that can be used in GDPR governance to designate a person or entity with a key role in the operational implementation of personal data processing.
📌 Role of the ODC in GDPR Governance
The ODC (Operational Data Controller) is not a concept explicitly defined by the GDPR, but it can be used internally by some organizations to designate a person with specific operational responsibilities in managing data processing activities.
Implementation of Data Processing
The ODC often serves as an operational relay for the Data Controller (DC) within a business unit (e.g., HR, Marketing, IT, etc.).
They are responsible for executing data processing activities on a daily basis, in accordance with the instructions of the Data Controller and in compliance with GDPR principles.
Application of Compliance Measures
The ODC ensures that processing activities are carried out in accordance with internal compliance policies and GDPR obligations.
They apply technical and organizational measures defined by the company to ensure the security and confidentiality of personal data.
Collaboration with the DPO and the Data Controller
The ODC works closely with the Data Protection Officer (DPO) to ensure that data processing activities comply with data protection rules.
They can act as a key contact for the DPO, particularly in handling data subject requests (e.g., access, rectification, deletion).
Incident and Data Breach Management
The ODC may be involved in detecting and managing data breaches, applying internal procedures to react quickly and notify incidents if necessary.
They monitor incidents and assist in implementing corrective actions.
Documentation and Maintenance of the Processing Register
The ODC contributes to updating the register of processing activities, documenting the processing under their responsibility and ensuring that relevant information is properly reported to the Data Controller or DPO.
🎯 Difference Between Data Controller and Operational Data Controller
| Criteria | Data Controller (DC) | Operational Data Controller (ODC) |
| --- | --- | --- |
| Role | Defines the purposes and means of processing | Implements processing activities in practice |
| Decision-making | Decides why and how data is processed | Applies decisions and manages execution |
| Legal responsibility | Holds legal responsibility in case of non-compliance | Operates under the authority of the DC |
| Interaction with the DPO | Works with the DPO to define policies | Implements DPO recommendations |