
Stakeholders

Identify the key parties involved in data processing.

Add Users to a Processing

Dastra allows you to attach users to a processing.

Note that these are not stakeholders but users (individuals who have an account on the Dastra platform).

User accounts must be created at least one hour before they can be added as stakeholders.

The roles thus defined will allow for efficient management and implementation of your processing in Dastra.

Here is a way to define user roles for your data processing activities:

  • Accountable: This is the user in Dastra who is responsible for validating that the processing and associated elements as indicated in Dastra are valid according to the organization's expectations. This person may be different from the data controller's signatory. For example, it could be a service manager, a DPO, or a DPO relay.

  • Responsible: This is the user who is responsible for carrying out the necessary actions on the processing and describing it. This could involve implementing data security measures, managing access, or any other task required to ensure the compliance of the processing. This could be a project manager or a dedicated business manager.

  • Informed: This category includes users who need to be kept informed of the progress and status of the processing without having an active role in its validation or implementation. This may include members of the management team, project managers, or other stakeholders who have an interest in the processing.

Add a processing implementation manager

You can indicate the stakeholders involved in implementing the processing. This can be a service or a department of a company (such as the human resources department), or a dedicated person if it is a project (a project manager, for example).

You also indicate the identity of the representative of the controller and, if applicable, of the joint controller(s).

Add a joint controller (co-controller)

To add a joint controller, add a new stakeholder and select "Joint controller".

You will be prompted to add a stakeholder as a joint controller.

Add a Person in Charge of Implementing the Processing

The person in charge of implementing the processing is the service that is operationally responsible for it. This is generally the service that uses the data and carries out the processing activity.

This can be either a service or an individual.

In Dastra, you will need to add an actor.

Add a Representative of the Data Controller

The representative of the data controller corresponds to the operational representative of the data controller (DC). For example, this could be a member of the executive committee or a municipal councilor (with the DC being represented by the mayor).

Add an Operational Data Controller (ODC)

The Operational Data Controller (ODC) is a concept that can be used in GDPR governance to designate a person or entity with a key role in the operational implementation of personal data processing.

📌 Role of the ODC in GDPR Governance

The ODC (Operational Data Controller) is not a concept explicitly defined by the GDPR, but it can be used internally by some organizations to designate a person with specific operational responsibilities in managing data processing activities.

Implementation of Data Processing

  • The ODC often serves as an operational relay for the Data Controller (DC) within a business unit (e.g., HR, Marketing, IT, etc.).

  • They are responsible for executing data processing activities on a daily basis, in accordance with the instructions of the Data Controller and in compliance with GDPR principles.

Application of Compliance Measures

  • The ODC ensures that processing activities are carried out in accordance with internal compliance policies and GDPR obligations.

  • They apply technical and organizational measures defined by the company to ensure the security and confidentiality of personal data.

Collaboration with the DPO and the Data Controller

  • The ODC works closely with the Data Protection Officer (DPO) to ensure that data processing activities comply with data protection rules.

  • They can act as a key contact for the DPO, particularly in handling data subject requests (e.g., access, rectification, deletion).

Incident and Data Breach Management

  • The ODC may be involved in detecting and managing data breaches, applying internal procedures to react quickly and notify incidents if necessary.

  • They monitor incidents and assist in implementing corrective actions.

Documentation and Maintenance of the Processing Register

  • The ODC contributes to updating the register of processing activities, documenting the processing under their responsibility and ensuring that relevant information is properly reported to the Data Controller or DPO.

🎯 Difference Between Data Controller and Operational Data Controller

| Criteria | Data Controller (DC) | Operational Data Controller (ODC) |
|---|---|---|
| Role | Defines the purposes and means of processing | Implements processing activities in practice |
| Decision-making | Decides why and how data is processed | Applies decisions and manages execution |
| Legal responsibility | Holds legal responsibility in case of non-compliance | Operates under the authority of the DC |
| Interaction with the DPO | Works with the DPO to define policies | Implements DPO recommendations |

Last updated 1 month ago
