GDPR Flowchart PNO

Personal data flows from the Person owning the data (Data Subject) via a Client / Consortium (Controller) to PNO (Controller or Processor) and from there to third parties ((sub-) Processor). Across the chain, data must be handled ‘GDPR-proof’.
Check GDPR Texts PNO for text used by PNO on GDPR.

Data Subject >Consent> Client >GDPR Text> PNO >Processing Agreement> (sub) Processor

At PNO we protect the Flow of Personal Data use according to the GDPR. Instruments available are listed in the first column. PNO often assumes the role of Controller; the various roles are listed in column GDPR role. The documents that should be on archive or available are listed in column three and remarks thereafter. Check for practical solutions: technical and/or organizational measures.
Click on the links in the column ‘Role’ for a ‘GDPR road map’.

InstrumentsGDPR RoleOn ArchiveRemarks
Dutch Privacy AuthorityData SubjectConsent | Data breachPerson or Client
DPIA |
GDPR by design
PNO ControllerPrivacy Statement | Disclaimer | Netiquette | Cookie Policy | General Terms & Conditions *)
Shared responsibilityAdvice – Management support
ISO 27001Compliance serviceSee ffiqs
SaaS serviceUnder construction
Consortium Agreement and AnnexesBeneficiary EU consortiumPossible co-Processor
Linking Contract
Audit | ISO | GDPR by designProcessing Agreement
Processor
Audit | ISO | GDPR by designProcessing Agreement
Sub-processor
Audit | ISO | GDPR by designProcessing Agreement
Sub-processor
Etc.
InstrumentsRoleOn ArchiveRemarks
*) Privacy Statement, Disclaimer, Netiquette, Cookie Policy and General Terms & Conditions are texts explaining legalities. PNO is 100% transparent on Personal Data processing, listing the data at hand, procedures for Data Subjects to exercise their rights, and mentioning third parties involved.