Stakeholders

Identify the key parties involved in data processing.

Add Users to a Processing

Dastra allows you to attach users to a processing.

Note that these are not stakeholders but users (individuals who have an account on the Dastra platform).

User accounts must be created at least one hour before they can be added as stakeholders.

The roles thus defined will allow for efficient management and implementation of your processing in Dastra.

Here is a way to define user roles for your data processing activities:

Accountable: This is the user in Dastra who is responsible for validating that the processing and associated elements as indicated in Dastra are valid according to the organization's expectations. This person may be different from the data controller's signatory. For example, it could be a service manager, a DPO, or a DPO relay.
Responsible: This is the user who is responsible for carrying out the necessary actions on the processing and describing it. This could involve implementing data security measures, managing access, or any other task required to ensure the compliance of the processing. This could be a project manager or a dedicated business manager.
Informed: This category includes users who need to be kept informed of the progress and status of the processing without having an active role in its validation or implementation. This may include members of the management team, project managers, or other stakeholders who have an interest in the processing.

Add a processing implementation manager

You can indicate the stakeholders involved in the implementation of the processing. This can for example be a service or a department of a company (such as the human resources department for example) but also a dedicated person if it's a project (project manager for example).

You also indicate the identity of the representative of the controller, if applicable, of the joint controller(s).

Add a joint controller (co-controller)

To add a joint controller, add a new stakeholder and select "Joint controller".

You will be prompted to add a stakeholder as a joint controller.

Add a Person in Charge of Implementing the Processing

The person in charge of implementing corresponds to the service that is operationally responsible for the processing. This is generally the service that uses the data and carries out the processing activity.

This can be either a service or an individual.

In Dastra, you will need to add an actor.

Add a Representative of the Data Controller

The representative of the data controller corresponds to the operational representative of the data controller (DC). For example, this could be a member of the executive committee or a municipal councilor (with the DC being represented by the mayor).

Add an Operational Data Controller (ODC)

The Operational Data Controller (ODC) is a concept that can be used in GDPR governance to designate a person or entity with a key role in the operational implementation of personal data processing.

📌 Role of the ODC in GDPR Governance The ODC (Operational Data Controller) is not a concept explicitly defined by the GDPR, but it can be used internally by some organizations to designate a person with specific operational responsibilities in managing data processing activities.

Implementation of Data Processing

The ODC often serves as an operational relay for the Data Controller (DC) within a business unit (e.g., HR, Marketing, IT, etc.).
They are responsible for executing data processing activities on a daily basis, in accordance with the instructions of the Data Controller and in compliance with GDPR principles.

Application of Compliance Measures

The ODC ensures that processing activities are carried out in accordance with internal compliance policies and GDPR obligations.
They apply technical and organizational measures defined by the company to ensure the security and confidentiality of personal data.

Collaboration with the DPO and the Data Controller

The ODC works closely with the Data Protection Officer (DPO) to ensure that data processing activities comply with data protection rules.
They can act as a key contact for the DPO, particularly in handling data subject requests (e.g., access, rectification, deletion).

Incident and Data Breach Management

The ODC may be involved in detecting and managing data breaches, applying internal procedures to react quickly and notify incidents if necessary.
They monitor incidents and assist in implementing corrective actions.

Documentation and Maintenance of the Processing Register

The RTO contributes to updating the register of processing activities, documenting the processing under their responsibility and ensuring that relevant information is properly reported to the Data Controller or DPO.

🎯 Difference Between Data Controller and Operational Data Controller

Criteria

Data Controller (DC)

Operational Data Controller (ODC)

Role

Defines the purposes and means of processing

Implements processing activities in practice

Decision-making

Decides why and how data is processed

Applies decisions and manages execution

Legal responsibility

Holds legal responsibility in case of non-compliance

Operates under the authority of the DC

Interaction with the DPO

Works with the DPO to define policies

Implements DPO recommendations

Dernière mise à jour il y a 15 jours

Cet article vous a-t-il été utile ?

Stakeholders

Identify the key parties involved in data processing.

Add Users to a Processing

Dastra allows you to attach users to a processing.

Note that these are not stakeholders but users (individuals who have an account on the Dastra platform).

User accounts must be created at least one hour before they can be added as stakeholders.

The roles thus defined will allow for efficient management and implementation of your processing in Dastra.

Here is a way to define user roles for your data processing activities:

Accountable: This is the user in Dastra who is responsible for validating that the processing and associated elements as indicated in Dastra are valid according to the organization's expectations. This person may be different from the data controller's signatory. For example, it could be a service manager, a DPO, or a DPO relay.
Responsible: This is the user who is responsible for carrying out the necessary actions on the processing and describing it. This could involve implementing data security measures, managing access, or any other task required to ensure the compliance of the processing. This could be a project manager or a dedicated business manager.
Informed: This category includes users who need to be kept informed of the progress and status of the processing without having an active role in its validation or implementation. This may include members of the management team, project managers, or other stakeholders who have an interest in the processing.

Add a processing implementation manager

You also indicate the identity of the representative of the controller, if applicable, of the joint controller(s).

Add a joint controller (co-controller)

To add a joint controller, add a new stakeholder and select "Joint controller".

You will be prompted to add a stakeholder as a joint controller.

Add a Person in Charge of Implementing the Processing

This can be either a service or an individual.

In Dastra, you will need to add an actor.

Add a Representative of the Data Controller

Add an Operational Data Controller (ODC)

Implementation of Data Processing

The ODC often serves as an operational relay for the Data Controller (DC) within a business unit (e.g., HR, Marketing, IT, etc.).
They are responsible for executing data processing activities on a daily basis, in accordance with the instructions of the Data Controller and in compliance with GDPR principles.

Application of Compliance Measures

The ODC ensures that processing activities are carried out in accordance with internal compliance policies and GDPR obligations.
They apply technical and organizational measures defined by the company to ensure the security and confidentiality of personal data.

Collaboration with the DPO and the Data Controller

The ODC works closely with the Data Protection Officer (DPO) to ensure that data processing activities comply with data protection rules.
They can act as a key contact for the DPO, particularly in handling data subject requests (e.g., access, rectification, deletion).

Incident and Data Breach Management

The ODC may be involved in detecting and managing data breaches, applying internal procedures to react quickly and notify incidents if necessary.
They monitor incidents and assist in implementing corrective actions.

Documentation and Maintenance of the Processing Register

The RTO contributes to updating the register of processing activities, documenting the processing under their responsibility and ensuring that relevant information is properly reported to the Data Controller or DPO.

🎯 Difference Between Data Controller and Operational Data Controller

Criteria

Data Controller (DC)

Operational Data Controller (ODC)

Role

Defines the purposes and means of processing

Implements processing activities in practice

Decision-making

Decides why and how data is processed

Applies decisions and manages execution

Legal responsibility

Holds legal responsibility in case of non-compliance

Operates under the authority of the DC

Interaction with the DPO

Works with the DPO to define policies

Implements DPO recommendations

Dernière mise à jour il y a 15 jours

Cet article vous a-t-il été utile ?