A GDPR light on the WBSO-tool | October 2020
- What (personal) data (owned by the Data Subject)
  BCI (Business Contact Information)
  BSN (NL: Burger Service Number | Person ID number)
  Costs / Hours admin (Separate tool)
- Is mailing list/audio/video/participant lists at hand (Check Technical and Organizational Measures)
  No
- Does a client’s procurement policy apply
  No
- Organization consent for use given/archived
  Yes, by signing a contract with PNO
- Does Data Subject acknowledge Privacy Statement
  Yes
- Does Data Subject acknowledge Cookie Policy
  N.A. (Not Applicable)
- Does Data Subject acknowledge Netiquette
  N.A.
- Where are data stored/processed (within EEA)
  IT Enschede
- Is access to Personal Data limited within PNO
  Yes and communicated with RVO (NL: Rijksdienst voor Ondernemend NL)
- Is the host ISO 27001 certified
  Yes
- How are data transmitted
  Within PNO / application | Secure connection PNO – RVO | FileCap for E-mail
- What data is shared with whom
  See above | With RVO
- What period(s) applies (project length, tax laws etc.)
  – Project period according to contract
  – Tax laws 7 years
  – General cleansing 10 years
- How are data anonymized
  Not anonymized
- How are data cleansed
  BSN / BCI removed (but clients have longstanding relations with PNO)
- How/when are data cleaned up/destroyed/given back
  See above under ‘period’
- How can Data Subject exercise right
  See Privacy Statement
- Does the Privacy Statement cover all data at hand <= Frequently overlooked
  Yes
- Does the Cookie Policy cover all data at hand
  N.A.
- Is there a need for a Processing Agreement
  Yes, with InnovationEngineering for maintenance
- What technical and/or organizational measures are needed
  Non-specific; arranged by ‘WBSO-unit’; management / maintenance process and control implemented