We use cookies on our site to analyze traffic, enhance your experience, and provide you with tailored content.

For more information visit our privacy policy.

Data Protection by Design Sample Clauses

Data Protection by Design. The main legal source for data protection is of course the GDPR10. There are other provisions11, though, which need to be taken into account for a deep Data Protection Impact Assessment (DPIA). Work Package 2 of the Me-CODEX II project has worked out such a DPIA for e-CODEX and came to the final conclusion of a positive validation result. This document therefore does not intend to repeat the DPIA but focusses on the justification, why data protection is applied to e-CODEX data not only as an added feature but by the design of the concept. It has been pointed out above an in previous documents, that e-CODEX provides an infrastructure for communication (mainly between judicial authorities). For judicial use cases it is clear, that data is transferred, on which data protection regulations are applicable. The GDPR foresees that personal data can be transferred (i.e., processed) if it is based on one of the listed justifications. Further, personal data needs to be avoided where it is not necessary. Finally, if personal data is processed, appropriate measures need to be installed, to reduce the risk of a privacy breach with due dilligence. e- CODEX applies such measures – again – not as extra features, but as an integral part of its design: • As pointed out in the chapter 2 ”Security by Design” encryption is applied on several layers. The Gateway-to-Gateway communication is done via an encrypted channel and additionally, the Connector-to-Connector communication is encrypted, as well, to add even further security. Messages are signed to proof their authenticity. • Additional encryption and authentication levels can be applied per e-CODEX use case. • Participation in e-CODEX use cases is only possible for mutually acknowledged and authorised partners. • For the transmission of data, the data needs to be processed. For this processing the data is stored temporarily. Then, after the processing, the data is automatically deleted. No personal data is stored permanently whatsoever. • The temporary storage is done on the local instances of the e-CODEX Access Points. By design, there is no central data storage in place, as e-CODEX is a mere decentralised, peer- to-peer communication network without any central authority in between. The high level of various data protection measures of e-CODEX is good starting point for privacy- compliant judicial communication. Still, the final responsibility lies with the operators of national e- CODEX participants and needs to take add...
Data Protection by Design. A central plank of the upcoming GDPR is data protection by design and by default. This will fall under the remit of a data protection officer who ensures that “requirements related to data protection by design, data protection by default and data security and to the information of data subjects and their requests in exercising their rights under this Regulation; (d) to ensure that the documentation referred to in Article 28 is maintained” (See GDPR section 4). Given the complexity and importance of these central conceptsit will be prudent to enact awareness raising on a HBP-wide basis, so that the data protection officer (once appointed) can expect meaningful engagement with these ideas. This is a topic that has arisen in the light of the DGWG’s data policy manual and so coordination with that strand of HBP work will be valuable.

Related to Data Protection by Design

  • Data Protection All personal data contained in the agreement shall be processed in accordance with Regulation (EC) No 45/2001 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by the EU institutions and bodies and on the free movement of such data. Such data shall be processed solely in connection with the implementation and follow-up of the agreement by the sending institution, the National Agency and the European Commission, without prejudice to the possibility of passing the data to the bodies responsible for inspection and audit in accordance with EU legislation (Court of Auditors or European Antifraud Office (XXXX)). The participant may, on written request, gain access to his personal data and correct any information that is inaccurate or incomplete. He/she should address any questions regarding the processing of his/her personal data to the sending institution and/or the National Agency. The participant may lodge a complaint against the processing of his personal data with the [national supervising body for data protection] with regard to the use of these data by the sending institution, the National Agency, or to the European Data Protection Supervisor with regard to the use of the data by the European Commission.

  • Cybersecurity; Data Protection The Company’s information technology assets and equipment, computers, systems, networks, hardware, software, websites, applications, and databases (collectively, “IT Systems”) are adequate for, and operate and perform in all material respects as required in connection with the operation of the business of the Company as currently conducted, free and clear of all material bugs, errors, defects, Trojan horses, time bombs, malware and other corruptants. The Company has implemented and maintained commercially reasonable controls, policies, procedures, and safeguards to maintain and protect its material confidential information and the integrity, continuous operation, redundancy and security of all IT Systems and data (including all personal, personally identifiable, sensitive, confidential or regulated data (“Personal Data”)) used in connection with its business, and there have been no breaches, violations, outages or unauthorized uses of or accesses to same, except for those that have been remedied without material cost or liability or the duty to notify any other person, nor any incidents under internal review or investigations relating to the same. The Company is presently in material compliance with all applicable laws or statutes and all judgments, orders, rules and regulations of any court or arbitrator or governmental or regulatory authority, internal policies and contractual obligations relating to the privacy and security of IT Systems and Personal Data and to the protection of such IT Systems and Personal Data from unauthorized use, access, misappropriation or modification, except where the failure to be in compliance would not, individually or in the aggregate, have a Material Adverse Effect.

  • DATA PROTECTION AND PRIVACY 14.1 In addition to Supplier’s obligations under Sections 6, 9, 10, and 15, Supplier will comply with this Section 14 when processing Accenture Personal Data. "Accenture Personal Data" means personal data owned, licensed, or otherwise controlled or processed by Accenture including personal data processed by Accenture on behalf of its clients. “Accenture Data” means all information, data and intellectual property of Accenture or its clients or other suppliers, collected, stored, hosted, processed, received and/or generated by Supplier in connection with providing the Deliverables to Accenture, including Accenture Personal Data.

  • Privacy and Data Protection 8.1 The Receiving Party undertakes to comply with South Africa’s general privacy protection in terms Section 14 of the Xxxx of Rights in connection with this Bid and shall procure that its personnel shall observe the provisions of such Act [as applicable] or any amendments and re-enactments thereof and any regulations made pursuant thereto. 8.2 The Receiving Party warrants that it and its Agents have the appropriate technical and organisational measures in place against unauthorised or unlawful processing of data relating to the Bid and against accidental loss or destruction of, or damage to such data held or processed by them.

  • Freedom of Information and Protection of Privacy Act Any information provided on this contract may be subject to release under the Freedom of Information and Protection of Privacy Act. The Contractor may be consulted prior to release of any information.

  • PERSONAL DATA PROTECTION 7.1 By accessing ESZAM AUCTIONEER SDN BHD website, the E-Bidders acknowledge and agree that ESZAM AUCTIONEER SDN BHD website may collect, retain, or disclose the E-Bidder’s information or any information by the e-bidders for the effectiveness of services, and the collected, retained or disclosed information shall comply with Personal Data Protection Act 2010 and any regulations, laws or rules applicable from time to time. 7.2 ESZAM AUCTIONEER SDN BHD will process E-bidder personal data such as name, address, NRIC and contact number for registration and E-bidding purposes. E-bidders shall be responsible for the username and password of eZ2Bid and not to reveal the password to anyone. 7.3 E-bidders agree to accept all associated risks when using the service in the ESZAM AUCTIONEER SDN BHD website and shall not make any claim for any unauthorized access or any consequential loss or damages suffered. 7.4 E-bidders shall be responsible for the confidentiality and the use of password and not to reveal the password to anyone at any time and under any circumstances, whether intentionally or unintentionally. 7.5 E-bidders agree to comply with all the security measures related to safety of the password or generally in respect of the use of the service. 7.6 E-bidders accept the responsibility that in any event that the password is in the possession of any other person whether intentionally or unintentionally, the E-Bidders shall take precautionary steps for the disclosure, discovery, or the Bidders shall immediately notify ESZAM AUCTIONEER SDN BHD

  • Applicability of Data Privacy Protections In the event that Personal Information will be Processed by Supplier in connection with the performance under this Agreement (including any SOW), then and only then shall the provisions of this Section ‘Data Protection and Privacy’ be applicable. For the avoidance of doubt, the data security requirements contained in section ‘Information Security’ shall apply regardless of whether Personal Information is Processed under this Agreement or any SOW. All Personal Information obtained from or on behalf of DXC or in connection with performance pursuant to this Agreement shall be Processed and protected pursuant to this Section ‘Data Protection and Privacy’, the Section ‘Information Security’ and any other Sections of this Agreement that address Personal Information.

  • Third-Party Information; Privacy or Data Protection Laws Each Party acknowledges that it and its respective Subsidiaries may presently have and, after the Effective Time, may gain access to or possession of confidential or proprietary Information of, or personal Information relating to, Third Parties: (i) that was received under confidentiality or non-disclosure agreements entered into between such Third Parties, on the one hand, and the other Party or the other Party’s Subsidiaries, on the other hand, prior to the Effective Time or (ii) that, as between the two parties, was originally collected by the other Party or the other Party’s Subsidiaries and that may be subject to and protected by privacy, data protection or other applicable Laws. Each Party agrees that it shall hold, protect and use, and shall cause its Subsidiaries and its and their respective Representatives to hold, protect and use, in strict confidence the confidential and proprietary Information of, or personal Information relating to, Third Parties in accordance with privacy, data protection or other applicable Laws and the terms of any agreements that were either entered into before the Effective Time or affirmative commitments or representations that were made before the Effective Time by, between or among the other Party or the other Party’s Subsidiaries, on the one hand, and such Third Parties, on the other hand.

  • Data Protection Laws those laws applicable to the processing of personal data in the relevant jurisdictions, including but not limited to the General Data Protection Regulation 2016/679.

  • Data Protection and Privacy: Protected Health Information Party shall maintain the privacy and security of all individually identifiable health information acquired by or provided to it as a part of the performance of this Agreement. Party shall follow federal and state law relating to privacy and security of individually identifiable health information as applicable, including the Health Insurance Portability and Accountability Act (HIPAA) and its federal regulations.