Key Benefits:
Regulation Act Protection Personal Data Ministry of Defence
The Minister of Defence,
Decision:
For the purposes of this arrangement:
a. Law: Personal data protection law ;
b. Minister: Minister of Defence;
c. Person entry: any given concerning an identified or identifiable natural person;
ed. special personal data: personal data as referred to in Article 16 of the Act ;
e. processing of personal data: any act or set of acts relating to personal data, including in any case the collection, recording, organisation, storage, updating, modification, retrieval, consultation, use, by transmission, the distribution or any other form of posting, bringing together, related to each other, as well as the fencing, erasation, or destruction of data;
f. processor: any person who processes personal data within the meaning of subparagraph (e) of this Article;
g. notification form: the notification form referred to in Article 2.2 of this arrangement;
h. register: register as intended Article 2.4 of this arrangement;
i. Responsible: Minister of Defence;
j. Wbp Administrator: the head of the head charged on behalf of the Minister with a view to ensuring compliance with the law in respect of processing operations carried out within the service part;
k. Editor: the person processed for the purposes of the personal data responsible, without having been subject to his direct authority;
l. user: the person empowered to see or to enter or mutate data;
m. person concerned: the person to whom a person relates;
n. Third: any person, other than the person concerned, the person responsible, the editor, or any person entitled under the direct authority of the person responsible or the editor for processing personal data;
o. receiver: the person to whom personal data are provided;
P. College of protection of personal data or of the College: College as referred to in Article 51 of the Act ;
q. data protection officer: the official referred to in the Article 62 of the Act ;
r. notification: Notification to the Data Protection Officer of any processing of personal data intended for the execution of a purpose or of several related purposes as intended to be carried out in accordance with Article 28 of the Act and in Article 2.2, first and second paragraphs , from this scheme;
s. the provision of data: to publish, or to make available, personal data, in so far as it relies, in whole or in large part, on data processed, or obtained by processing, with or without any other data;
t. Wbp: Personal data protection law .
This arrangement shall apply to all processing of personal data for which the Minister of Defence is the responsible officer within the meaning of the Law .
1 To Be Designated As A Wbp Manager:
a. The Deputy Secretary-General for operations within the Board of Directors as well as defence-wide processing operations;
b. the Commander Royal Marechaussee for processing within the Royal Marechaussee;
c. the Commander Zeestrijdforces for processing operations within the operational command of the sea forces;
d. the Commander Air Forces for processing operations within the Operational Command of Air Forces;
e. the Commander of the Land Forces for processing operations within the Operational Command of the Land Forces;
f. the Commander Commando Services Centres for processing operations within the Command Services Centres;
g. the Director of Defence Material Organisation for processing operations within the Defense Equipment Organisation.
2 An Wbp administrator can contribute the charge to him for compliance with the law in whole or in part to a Wbp under-administrator within his service part. It shall inform the Data Protection Officer thereof.
3 The Wbp Administrator, or the Wbp Undermanager, shall designate within his service part a Wbp Coordinator who coordinates the implementation of the Act and the actual actions necessary for that purpose within his service part. It shall inform the Data Protection Officer thereof. The Wbp Coordinator participates in the Wbp Coordinators Consulation.
4 The Wbp administrator reports to the Data Protection Officer annually before 1 August on compliance with the requirements. Law within his service part.
5 The Wbp Administrator, or the Wbp underadministrator, reports all processing of personal data with the Data Protection Officer in accordance with the Staff Directive Article 2.2 of this scheme.
6 The Wbp Administrator or the Wbp Undermanager shall ensure that contacts with the College are made through the intervention of the Data Protection Officer.
7 For those processing operations in respect of which this Article does not provide for a designation of Wbp administrator, the Secretary-General may still designate a Wbp administrator.
1 If a Wbp administrator, or a Wbp underadministrator, allows personal data to be processed by an editor, or if the Minister acts as an editor for an external controller, processing of personal data will only take place if prior to the execution of the processing operations by the worker is regulated by an agreement between the person responsible and the editor or by any other legal act which has created a commitment between the worker and the person responsible for the operation. responsible.
2 The agreement or legal act shall, in any case, contain a system of:
a. the role and position of the parties;
b. inform, if appropriate, those involved;
c. the work on which the agreement relates and the authorised use of personal data by the editor; and
d. An adequate security of personal data by the editor and other care obligations of the editor.
3 The agreement or legal act shall be recorded in writing.
Without prejudice to the provisions of the Law and in this arrangement, any person who processes personal data shall ensure the accuracy, accuracy and accuracy of the data.
1 There is a Data Protection Officer.
2 The Data Protection Officer shall, in addition to monitoring the processing of personal data by the person responsible in accordance with or under the Law Determined, in any case, as follows:
(a) report to the Minister annually on compliance with the law within the Ministry;
(b) the maintenance of a document register for each free of charge;
c. to accompany and care of contacts between the ministry and the college;
d. It, resulting from the supervision, advising of the Minister and of the administrators on the application and implementation of the Law ;
e. providing information on the Law , on the protection of privacy and on the way in which supervision is carried out;
(f) at least annually organise a Wbp Coordinating Consultation;
g. to monitor the settlement of complaints and to evaluate incidents related to the processing of personal data within Defence.
3 The data protection officer shall have the supervision referred to in the Article 64, first paragraph, of the Act on the powers referred to in Section 5.2 of the General Administrative Law Act . The Data Protection Officer shall use his powers only to the extent that it is reasonably necessary for the performance of his duties.
4 Any person employed under the authority of the Minister and an editor or any person who processes personal data under the authority of an editorial shall be obliged to provide the Data Protection Officer with all the cooperation which he/she shall may reasonably claim, in the exercise of its powers, unless an obligation of professional secrecy is in the way of a statutory provision.
Personal data shall be collected for specific, expressly defined and justified purposes.
1 The Wbp Administrator, or the Wbp underadministrator, reports processing of personal data prior to processing by means of data processing. Annex The Defence Staff's Notification Form to be included in the Data Protection Officer.
2 The Wbp Administrator, or the Wbp underadministrator, reports changes to a notification, if possible before the change begins, but not later than one week after the change, to the Data Protection Officer.
3 The Wbp Administrator, or the Wbp underadministrator, has a Wbp file per reported processing. An Wbp File shall include in any case:
a. A copy of the notification made;
b. if applicable, a copy of the arrangements as referred to in Article 14 of the Act with an editor;
c. information on the locations, service parts and systems where the processing takes place;
d. information on the basis of the processing and on the parts of the business process for which the processing of personal data is carried out;
e. information demonstrating the adequate security of personal data;
f. information on the application of Article 43 of the Act .
1 Processing operations which are of particular risk in the sense of Article 31 of the Act be reported as such by the Wbp administrator, or the Wbp underadministrator with the data protection officer.
2 The Data Protection Officer shall report to the College protection personal data the processing operations notified to him under the first paragraph.
1 There is a register that is kept under the responsibility of the Data Protection Officer.
2 The reports will at least be placed on the defence intranet.
1 Prior to the development of Defence-law or Defense-policy with which the construction of new ICT systems or the construction of large data files is provided, the Wbp administrator or the Wbp underadministrator will have a privacy impact assessment carried out in accordance with the Privacy Impact Assessment Driving Service.
2 A copy of the results of the privacy impact assessment shall be sent to the Data Protection Officer and the Chief Executive Officer.
The personal data will be removed when it is no longer necessary for the purpose of the processing.
The Wbp Administrator, or the Wbp Underadministrator, informs the data subject of the information in accordance with the Articles 33 and 34 of the Act unless the person concerned is already aware of that.
1 Person concerned may request the exercise of the rights conferred upon him as intended for the purposes of the Articles 35 , 36 , 40 , 41 and 42 of the Act to be directed to the Wbp administrator or Wbp underadministrator.
2 The Wbp Administrator or the Wbp Underadministrator shall ensure that the identity of the applicant is properly identified.
3 A request referred to in paragraph 1 may be made by his lawyer on the production of a special written authorisation for that purpose. A request referred to in paragraph 1 may also be made by another person, on production of a special written authorisation to that effect, on behalf of the person concerned. Communications to such an authorised representative shall not be carried out if it can be assumed that it has an independent interest in the information to be submitted, or if serious objections to it exist.
4 The Wbp administrator shall provide the Wbp administrator (s) or Wbp under administrator (s) responsible for the request, where appropriate, for the transmission of a request from the person concerned.
5 On a request as referred to in paragraph 1, it shall be decided within four weeks.
1 The decision as referred to in Article 3.2, fifth paragraph , the statement of objection may be raised and addressed to whom the objection should be addressed.
2 Within six weeks from the day of dispatch of a decision as intended Article 3.2, fifth paragraph , any person whose interest is directly involved in this Decision may object.
The technical and organisational measures to be taken should ensure an appropriate level of security of personal data against loss and unlawful processing.
1 The State/Defence Department, whether or not at the request of the Data Protection Officer, shall carry out periodic audits of compliance with the Act and this Arrangement.
2 The Audit Service Reich/Defense reports periodically its findings to the Minister and the Data Protection Officer.
The Secretary-General may provide further guidance for the implementation of the provisions of this Arrangement.
1 The notifications to the Data Protection Officer of existing processing operations referred to at the date of entry into force of this Arrangement, as provided for in Article 2.2, first paragraph They shall be made no later than six months after the entry into force of this Arrangement.
2 The data protection officer shall ensure the withdrawal of existing notifications to the college once replacement reports are received.
This arrangement shall enter into force on 1 September 2009.
This arrangement is cited as: Rules Act Protection Personal Data Ministry.
This arrangement will be placed in the Official Journal and in the series of ministerial publications.
The Hague, 3 August 2009
TheMinister
of Defence,E. of Medium Purchase
[] Initial notification
[] Forward change previous notification (No MvD/Wbp/.....)
Date:
1. What name does the data file have?
2. For which are the data collected and used (the targets of the data file)?
| Purpose: |
| 1. |
3. About who are processing data and what types of data are that?
| 1. |
|
| 1.1. |
Purpose |
| 2. |
|
| 2.1. |
Purpose |
4. To whom data are provided?
| 1. |
5. Who is the Wbp Administrator of the data file?
6. Any details
| 1. |
7. Who is the contact person for questions or exercising rights such as knowledge of knowledge or correction?
8. Is the Defense Security Policy satisfied with respect to the security of the data?
9. Is prior examination needed?
| Yes/No |
| Prior testing is necessary because: |
