
Dataset

Define the dataset and retention policy involved in the processing activity.

Last updated 2 years ago


Article 30 of the GDPR also requires the registration of the categories of data processed.

The task here is to define the categories of data processed. These can be classed as common or sensitive. A distinction is made for data that present a greater risk to natural persons, such as data relating to the health of persons, data relating to political opinions or trade union activity. Data relating to offenses or other measures for the execution of sentences also constitute particularly protected data.

Similarly, the social security number can be considered special category data.

How to deal with datasets?

The dataset groups the data of a specific element, for example, a table in a database or a paper collection form.

Datasets can be used in several ways:

Case 1: by associating a dataset with a single asset. In this case, the dataset corresponds to the data of the asset and is not generic.

Case 2: by associating a dataset with the data processing. This dataset can be specific to the data processing and is not reused in another data processing.

Case 3: by associating generic datasets with the data processing. In this case, the dataset can be reused in several data processing activities.

To use generic datasets, we recommend the following procedure:

  • Open the dataset processing page

  • Open a new tab on the datasets page in the mapping

  • Select the dataset in the data processing

  • If the dataset needs to be modified, create another one: go to the other tab and duplicate the generic dataset, removing or adding the desired fields

  • For more clarity, we recommend using a tag for these datasets (this will allow you to distinguish them easily in the dataset selector). For example: a "generic" tag and a tag for the added or removed data

The long-term objective may be to limit the use of generic datasets and to move towards a more precise mapping either via data processing (case 2) or via assets (case 1).

On the other hand, it is possible to remain even more generic by not specifying the data associated with the dataset and instead naming the dataset as a category of data (which is also valid within the meaning of the GDPR, for example).

You may take different approaches from one processing activity to another, depending on its sensitivity with regard to the rights and freedoms of the data subjects.

Special category data

The collection of sensitive data is in principle prohibited. Only the exceptions provided for in article 9 of the GDPR allow them to be collected.

Data retention

The limited retention of data is part of the general principles of personal data law and is recalled in Article 5 1. e) of the GDPR. Special category should be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

The retention period depends on the purpose of the processing and the nature of the data. The retention periods can be defined according to the types of data. For example, for payroll management, the data relating to the salary slip are kept for 1 month in the active database and 5 years in intermediate archiving, while the data relating to the transfer order for payment are kept for the time necessary for the issue of the payslip in the active database and 10 years from the closing in an intermediate archive.

The duration can be expressed as a value or, if this is not possible, as the criteria used to define the retention period (until unsubscription, for example). It is recommended to set up procedures to manage the retention periods at the level of the category of data and, in particular, to manage purges or destruction of data.

References

  • Article 30 of the GDPR
  • Article 9 of the GDPR
  • Article 5 1. e) of the GDPR