Procedure for Preparing and Submitting a Personal Data Processing Conformity Assessment

Original Language Title: Kārtība, kādā sagatavo un iesniedz personas datu apstrādes atbilstības novērtējumu

Cabinet of Ministers Regulations No. 216, 12 May 2015 (No. 24)

Procedure for preparing and submitting a personal data processing conformity assessment

Issued in accordance with Article 26, Part 2.1 of the Individual Data Protection Act

1. These rules determine:
1.1. the personal data processing conformity assessment (hereinafter referred to as the assessment);
1.2. the procedure and the period within which the assessment shall be prepared and submitted to the Data State Inspectorate.

2. These rules apply to State and local authorities and to private individuals to whom tasks of public administration have been delegated (hereinafter referred to as the authority).

3. Preparation of the assessment is a documented process, the aim of which is to assess the actual circumstances of the processing of personal data and their compliance with the laws and regulations in the field of protection of personal data. When assessing the actual circumstances of the processing of personal data, the appraiser interviews the persons involved in the processing and protection of personal data, checks the internal procedures, carries out a visual assessment and checks documents.

4. The assessment shall be drawn up in accordance with the annex to these rules:
4.1. before the start of the processing of personal data for a new purpose of the processing of personal data;
4.2. before any changes are made to the processing of personal data that affect the data subject's rights or interests in the field of protection of personal data;
4.3. at the initiative of the authority;
4.4. at the request of the Data State Inspectorate.

5. In the case referred to in subparagraph 4.2 of these rules, the assessment may be made after the changes to the processing of personal data, if:
5.1. any delay in making changes to the processing of personal data may result in immediate and substantial risks for the data subject's rights or interests;
5.2. any delay in making changes to the processing of personal data presents a risk for the security of information;
5.3. changes have been made to the laws relating to the processing of personal data. If changes to the laws relating to the processing of data for one purpose of the processing of personal data are made several times a year, the controller has the right to carry out the assessment once a year, assessing the changes of that year.

6. A separate assessment shall be prepared for each purpose of the processing of personal data.

7. The assessment shall be prepared by the personal data protection officer or by a person who has acquired a second-level professional or academic higher education, who has expertise in the field of protection of personal data, and who has at least one year of experience in the protection of personal data, or information technology, or in carrying out equivalent audits and checks (hereinafter referred to as the appraiser).

8. The authority shall be entitled to call on an appraiser who meets the requirements of paragraph 7 of these rules.

9. The appraiser shall have the right, in carrying out the assessment, to call on specialists who do not meet the requirements of paragraph 7 of these rules.

10. The authority shall ensure that the appraiser and the specialist referred to in paragraph 9 of these rules who is involved in the assessment process have access to the documents, information systems, technical resources and facilities required to carry out the assessment.

11. The appraiser and the specialist referred to in paragraph 9 of these rules who is involved in the assessment process shall undertake in writing not to disclose information obtained during the assessment, except as required by applicable law.

12. On the basis of the findings and of the documentation examined, the appraiser shall, within the time limit set by the authority, prepare a draft assessment, on which the authority or its authorized officer shall deliver an opinion within 10 working days.

13. The appraiser, having assessed the authority's views, shall clarify the draft assessment if necessary and approve the assessment.

14. After the approval of the assessment, the appraiser prepares an assessment summary. The assessment summary indicates:
14.1. the name, or the first and last name, and the appraiser's first name, last name and contact information;
14.2. the assessment framework and;
14.3. the period of the assessment;
14.4. the processing of personal data;
14.5. conclusions and identified deficiencies;
14.6. the recommendations and the time limit for the deficiencies.

15. The authority or its authorized officer shall submit the assessment summary electronically to the Data State Inspectorate within 10 working days after its preparation.

16. If the assessment indicates recommendations for correction of deficiencies, the authority or its authorized officer shall notify the appraiser regarding the deficiencies.

17. The appraiser prepares a report on the deficiencies, which specifies information about the measures to remedy the deficiencies. The report is added to the assessment and is considered an integral part of the assessment. The authority or its authorized officer shall, within 10 working days, send the report to the Data State Inspectorate.

18. The assessment, the report on the deficiencies and the assessment summary are restricted-access information.

19. The authority is obliged to keep not less than the two most recent assessments for each purpose of the processing of personal data, their summaries and the reports referred to in paragraph 17 of these rules.

Prime Minister Laimdota Straujuma
Minister of Justice Dzintars Rasnačs

Annex
to Cabinet Regulations No. 216 of 12 May 2015

Personal Data Processing Conformity Assessment

I. 
General description of the personal data processing

Name
Appraiser (name, surname)
Contact information
Contact information
Assessment period
Basis for the assessment (mark):
• before the start of the processing of personal data for a new data processing purpose
• before making changes to the processing of personal data that affect the data subject's rights or interests in the field of protection of personal data
• on its own initiative
• at the request of the Data State Inspectorate

What is the purpose of the processing of personal data?

Is the purpose of the processing of personal data determined by law? If the answer is "Yes", specify the regulations which provide for the processing of data. Yes / No

What personal data (such as name, surname, personal code) are being processed in order to achieve the objectives specified in the previous paragraph?
• • • •

If sensitive personal data are processed, specify the way in which the personal data are processed: manual or automated.

Is sensitive personal data processing separated from the rest of the processing of personal data? If the answer is "Yes", describe how the procedure is carried out. If the answer is "No", indicate the reasons. Yes / No

Are all the processed data necessary for the purpose of the processing of personal data? If the answer is "Yes", list the data, showing why they are required for the personal data processing purpose. If the answer is "No", state the reasons. Yes / No

Can the purpose of the processing of personal data be achieved even when processing personal data or processing a smaller quantity? Cannot / Can. Specify, explain.

Legal basis of the processing of personal data according to Article 7 of the Data of Natural Persons Protection Act.

If sensitive personal data are processed, specify the justification according to Article 11 of the Individual Data Protection Act.

If the legal basis for the data processing is the data subject's consent, specify how (electronically, in writing, orally) and when the consent of the data subject is obtained.

If sensitive personal data are processed on the basis of the consent of the data subject, indicate whether this consent has been given in writing. If the answer is negative, explain why the data subject's consent has not been given in writing. In writing / Not in writing

Is the processing of personal data entrusted to a personal data operator? If the answer is "Yes", indicate the legal framework. Yes / No

Is the processing of personal data registered with the Data State Inspectorate? If the answer is "No", specify the grounds. Yes / No

II. Risk analysis with regard to the data subject's rights and freedoms

1. Processing of personal data according to the personal data processing purposes

How often are the processed personal data and their compliance with the personal data processing purpose checked?

Have procedures been designed to assess periodically the personal data to be processed and their compliance with the personal data processing purposes? How often is the procedure reviewed? If no procedure is provided, state the reasons and explain how it is ensured that the amount of personal data throughout the processing time does not exceed what is necessary to achieve the purposes of the processing of personal data.

What procedures are designed to ensure that personal data are processed pursuant to the personal data protection requirements?

Are there specific procedures to identify the data subject, the information system user, or a third party that processes personal data manually or in the system? If the answer is "Yes", describe the procedure. Yes / No

2. Adequate processing of personal data

How is the correct (accurate, timely) processing of personal data ensured?

Specify the document in which the procedure is laid down and how often personal data are updated (clarified).

How often is it checked whether the data are processed properly (precise, topical)? Specify the reasons why such a frequency is selected and whether it ensures only correct (accurate, timely) processing of personal data.

Is the loss that may result from actual data processing assessed? Yes / No

How are the data subject's submissions processed, and how are they responded to, if the data subject considers that the personal data processed about him are not up to date?

In what way is the data subject's right to report on actual data processing ensured?

3. Storage of personal data according to the personal data processing purpose

How are personal data storage time limits set (for example, pursuant to the Act, the regulations, the data subject's consent)? Justify the choice.

If the data retention period is defined in the Act or regulations, specify it.

If the data storage period is not governed by external legislation, specify how often the personal data storage time limits are reviewed.

If the personal data are no longer needed for the purpose of the processing of personal data:
How are the personal data assessed to determine which data are to be deleted?
Who is responsible for the evaluation of personal data to determine which data are to be deleted, and when?
Has an automated notification been introduced in the information system which points to the need to delete personal data?
Have guidelines been developed with regard to the deletion of personal data? Yes / No

4. Disclosure of personal data

Have internal regulations been developed which provide for a procedure for the disclosure of personal data to institutions and third parties? Yes / No

Specify the procedure by which the authority informs employees about the disclosure of personal data.

Specify the procedure by which it is assessed whether personal data can be disclosed to third parties (for example, how the applicant is identified). What is considered when making a decision about disclosure of personal data?

Is information stored about the cases in which personal data are shared, and how?

5. The data subject's rights

5.1. Information of the data subject about his personal data

Are personal data obtained from the data subject? Yes / No

Is the data subject informed of the processing of his personal data regardless of whether or not the personal data are obtained from the data subject? If the answer is "Yes", specify in what manner and in which cases the data subject is informed of the processing of his personal data and what information is provided. If the answer is "No", state why the data subject is not informed. Yes / No

Is the data subject able to obtain information on the individuals who have received information about the data subject? If the answer is "Yes", specify the period for which such information is provided. If the answer is "No", indicate why the information is not available. Yes / No

Specify how often and for what period of time the data subject's right to information about the processing of his personal data is ensured. Specify the reasons for setting this period and frequency.

Is the provision of information chargeable if the data subject requests information on the processing of his personal data more often than twice a year? What is it? Yes / No

Is the data subject given the right to limit the processing of his personal data, including in accordance with Articles 16 and 19 of the Individual Data Protection Act? If the answer is "Yes", specify how it is provided to the data subject. If the answer is "No", state the reasons. Yes / No

Is information about the data subject received from third parties? If the answer is "Yes", specify the procedure for receiving and the legal basis for receiving such information. Yes / No

5.2. Data subject's right of access to his personal data

Is the data subject given the right to access his personal data? If the answer is "Yes", describe the procedure by which the data subject is granted access rights to his personal data. If the answer is "No", state why the data subject's right of access is not supported. Yes / No

How is personal data at the request of the data subject?

Is the data subject, upon his request, also provided with information on the processing of personal data? If the answer is "Yes", specify the procedure for the provision of information. Yes / No

Does the controller have the right to refuse the data subject access to his personal data? If the answer is "Yes", specify in which cases. Yes / No

Is automated decision-making carried out on the basis of the personal data processed? In which cases does the controller review such decisions? Yes / No

6. Transfer of personal data outside the European Union or European Economic Area Member States, or countries which have received the Commission's opinion on the adequate level of data protection

Are personal data transferred to a State that is not a Member State of the European Union or European Economic Area, or to an international organization? If the answer is "Yes", specify the justification for the processing of personal data, the country to which the data are transferred, and the kinds of personal data that are transferred. Yes / No

Have internal rules been developed for the transfer of personal data outside the European Union or European Economic Area Member States? If the answer is "Yes", describe the principles contained therein. If the answer is "No", state why such provisions have not been developed. Yes / No

III. Data protection and security measures

Have protection rules been developed for the processing of personal data? Yes / No

By what procedure are workers informed of the obligation not to disclose personal data (including after termination of work, service or other legal relations)? How is compliance with this obligation controlled?

The person in charge of information resources, technical resources and the protection of personal data

What personal data protection measures are applied to information technology?

Describe the measures that have been introduced after unauthorized and unlawful access to personal data that are processed in an automated or manual manner.

Is a higher level of data protection set for sensitive personal data processing? If the answer is "Yes", describe the specific level of protection. Yes / No

Does the establishment have information system security rules? Yes / No

Is there a person responsible for the management and implementation of the security of information systems? Yes / No

Is information systems risk analysis carried out in the establishment? Yes / No

Has the institution designed an information system access control procedure? If the answer is "Yes", how does the institution manage information system user accounts? Yes / No

What are the requirements for user account passwords or other account protection tools?

Are there specific duties for information system users? What are they? Yes / No

Is security training carried out in the establishment for personnel performing data processing in information systems? How often is that security training carried out, and what is its content? Yes / No

Does the authority test the security of the system before commissioning? If the answer is "Yes", specify the verification arrangements. Yes / No

Has the institution developed information system maintenance routines and procedures? Yes / No

Does the authority ensure information system event logging and monitoring? Describe the arrangements. Yes / No

Does the institution provide data backup and verification? Describe the arrangements. Yes / No

Does the authority use external information systems connected with information systems? If the answer is "Yes", what are the procedure and conditions under which the collaboration with other institutions takes place? Yes / No

What technologies and tools are used to connect the systems?

Can the authority's information systems be accessed remotely? If the answer is "Yes", what are the remote access procedure and conditions? Yes / No

Does the institution ensure the management and use of external storage devices? Yes / No

Is data encryption used in the information systems? If the answer is "Yes", describe it. Yes / No

Before information is publicly released, are its level of confidentiality and potential risks evaluated? Yes / No

Has the institution designed incident management procedures? Yes / No

Has the institution developed a procedure for correcting the shortcomings detected? Yes / No

IV. Suggestions for correction of deficiencies and shortcomings

Conclusions, recommendations, deadline, failures

Appraiser (name, surname, signature) (date)

Minister of Justice Dzintars Rasnačs