GDPR Flowchart PNO

Personal data flows from the person owning the data (role: Data Subject) via a (potential) Client / Consortium (role: Controller or Not Applicable) to PNO (role: Controller or Processor) and from there to third parties (role: (sub-)Processor). Across the whole chain, the data must be handled in a ‘GDPR-proof’ way. Examples are given at Personal Data Flow. See GDPR Texts PNO for the text PNO uses on GDPR.

Data Subject >Consent> Client >GDPR Text> PNO >Processing Agreement> (sub) Processor

At PNO we protect the flow of Personal Data in accordance with the GDPR. The instruments available are listed in the first column. PNO often assumes the role of Controller; the various roles are listed in the column ‘GDPR Role’. The documents that should be archived or available are listed in column three, with remarks in the last column. Check for practical solutions: technical and/or organizational measures.
Click on the links in the column ‘Role’ for a ‘GDPR road map’.

| Instruments | GDPR Role | On Archive | Remarks |
|---|---|---|---|
| Dutch Privacy Authority | Data Subject | Consent, Data breach, Incident report | Person or Client |
| DPIA, GDPR by design | | | |
| | PNO Controller | Privacy Statement, Disclaimer, Netiquette, Cookie Policy, General Terms & Conditions *) | |
| Shared responsibility | Advice – Management support | Idem | |
| ISO 27001 | Compliance service | Idem | See ffiqs |
| | SaaS service | Idem | Under construction |
| Consortium Agreement and Annexes | Beneficiary EU consortium | Idem | Possible co-Processor |
| Linking Contract | | | |
| Audit, ISO, GDPR by design | | Processing Agreement, Central PA register | |
| | PNO Processor | Idem | Check on procurement policy for obligations |
| Audit, ISO, GDPR by design | | Processing Agreement | |
| | Sub-processor | | |
| Audit, ISO, GDPR by design | | Processing Agreement | |
| | Sub-processor | | |
| Etc. | | | |
*) Privacy Statement, Disclaimer, Netiquette, Cookie Policy and General Terms & Conditions are texts explaining legalities. PNO is 100% transparent on Personal Data processing, listing the data at hand, procedures for Data Subjects to exercise their rights, and mentioning third parties involved.