DPIA SUMMARY OF DATA PROTECTION IMPACT ASSESSMENT Sample Clauses

DPIA SUMMARY OF DATA PROTECTION IMPACT ASSESSMENT. Has been [To include a summary of the matters referred to in Article conducted [select ☐ 35(7) GDPR)] appropriately] [A Data Protection Impact Assessment has been deemed unnecessary for the Data Sharing Agreement Between Department of Education And Department of Children, Equality, Disability, Integration and Youth for the Sharing of Personal Data Has not been conducted [select appropriately] ☒ for the purpose of providing DE with data on early learning and care settings to allow the DE Early Years Education Inspectorate to carry out inspections of the quality of educational provision in those settings. The data being shared is a list of EY services and their registered providers. This information is publicly available on the Tusla Early Years register and so the sharing of the data is not “likely to result in a high risk to the rights and freedoms of natural persons”. The data shared under this agreement does not include any aspects that would require a mandatory DPIA.
Sample 1Sample 2See All (4)
AutoNDA by SimpleDocs
DPIA SUMMARY OF DATA PROTECTION IMPACT ASSESSMENT. [To include a summary of the matters referred to in Article 35 (7) GDPR)] [To include a summary of the matters referred to in Article 35 (7) GDPR)] 1. a systematic description of the envisaged processing operations and the purposes of the processing, including, where applicable, the legitimate interest pursued by the controller; Has been conducted [select appropriately] ☒ The GRO registers deaths in the Republic of Ireland. The GRO will transfer a contact dataset to HIQA via a secure file sharing service. The contact dataset will contain the names and contact details of qualified informants as well as details of the deceased individuals such as their date of birth, date of death and cause(s) of death. Upon receipt of the contact dataset, the data controller is responsible for cleaning and quality assuring the contact dataset and using it to administer a postal survey of qualified informants. The contact dataset and other working files (such as opt-out files) will be stored in an encrypted format, which four pre- identified individuals within the data processor will have access to, to administer the survey. The print service company, who distributes the survey to qualified informants, only receives a partial data file via encrypted email, containing personal data, that is the names and addresses of qualified informants. After each print run, the files are electronically deleted using file destruction software. This process is overseen by the data processor’s IT Manager. The data processor assigns an eight digit survey code to each qualified informant, which is used to manage their responses to the survey. Online survey responses are received and retained on the NCEP dashboard, which is stored securely within the European Union. They are anonymised upon receipt, meaning that all personal identifiers are removed from the responses. The hardcopy survey responses are returned by qualified informants to the data processor’s office where they are ‘booked in’ and kept under lock and key. They are uploaded to the NCEP dashboard and combined with the online survey responses, submitted directly by qualified informants. Uploading hard copy survey responses involves manually transcribing them. As the hard copy responses are transcribed and uploaded to the NCEP dashboard, their soft copy version is anonymised. The programme maintains and executes a data retention and destruction schedule. All personal data is destroyed following the completion of the survey. Digital dat...
Sample 1Sample 2
DPIA SUMMARY OF DATA PROTECTION IMPACT ASSESSMENT. (To include a summary of the matters referred to in Article 35(7) GDPR) Has been conducted [select appropriately] ☐ The summary shall contain at least: 1. a systematic description of the envisaged processing operations and the purposes of the processing, including, where applicable, the legitimate interest pursued by the controller; 2. an assessment of the necessity and proportionality of the processing operations in relation to the purposes; 3. an assessment of the risks to the rights and freedoms of data subjects; 4. the measures envisaged to address the risks, including safeguards, security measures and mechanisms to ensure the protection of personal data and to demonstrate compliance with this Regulation taking into account the rights and legitimate interests of data subjects and other persons concerned. Outline why a DPIA has not been conducted. Include reference to the checklist answers in Section 1. Has not been conducted [select appropriately] ☒ It was not necessary to conduct a Data Protection Impact Assessment (DPIA) in respect of the data sharing of AIMs data independently as the data being processed did not pose a high risk to the rights and freedoms of individuals, only minimal personal data is being processed and there is no special category data or criminal data being processed. With respect to Section 1 and the linked DPC guidance, it is clear that the data sharing activity does not meet the threshold for conducting a DPIA, with no novel technology involved, no automated decision making being undertaken, no profiling of individuals being conducted. Furthermore, the data subjects will have an expectation that this activity will be undertaken and calculations are shared back with the data subjects. In addition, and as set out in Section 11, appropriate security measures are in place to protect the data during and post transfer. It should be noted however, that a DPIA was conducted on theCarbon Footprint process which utilises AIMs data in the calculation of emissions and sustainability calculations. This DPIA assessed the data flows, uses and processor used to deliver the Carbon Footprint tool. A finding within this DPIA was to ensure that written agreements are in place to govern the data sharing between DAFM and Bord Bia. Under S.20(4) of Data Sharing and Governance Act, an amended draft agreement must be submitted for review to the Data Governance Board in accordance with Part 9, Chapter 2 of the Data Sharing and Governance Act.
Sample 1Sample 2
DPIA SUMMARY OF DATA PROTECTION IMPACT ASSESSMENT. [To include a summary of the matters referred to in Article 35(7) GDPR)] The summary shall contain at least: 1. a systematic description of the envisaged processing operations and the purposes of the processing, including, where applicable, the legitimate interest pursued by the controller; Has been conducted [select appropriately] ☐ 2. an assessment of the necessity and proportionality of the processing operations in relation to the purposes; 3. an assessment of the risks to the rights and freedoms of data subjects; 4. the measures envisaged to address the risks, including safeguards, security measures and mechanisms to ensure the protection of personal data and to demonstrate compliance with this Regulation taking into account the rights and legitimate interests of data subjects and other persons concerned. [Outline why a DPIA has not been conducted.] Has not been conducted [select appropriately] ☒ A DPIA was not deemed to be necessary as the processing of this data does not adversely impact on the rights and freedoms of the data subject. Under S.20(4) of Data Sharing and Governance Act, an amended draft agreement must be submitted for review to the Data Governance Board in accordance with Part 9, Chapter 2 of the Data Sharing and Governance Act.
Sample 1
DPIA SUMMARY OF DATA PROTECTION IMPACT ASSESSMENT. (To include a summary of the matters referred to in Article 35(7) GDPR) The summary shall contain at least:
Sample 1

Related to DPIA SUMMARY OF DATA PROTECTION IMPACT ASSESSMENT

  • Data Protection Impact Assessment If, pursuant to Data Protection Law, Customer (or its Controllers) are required to perform a data protection impact assessment or prior consultation with a regulator, at Customer’s request, SAP will provide such documents as are generally available for the Cloud Service (for example, this DPA, the Agreement, audit reports or certifications). Any additional assistance shall be mutually agreed between the Parties.

  • Data Protection Impact Assessment and Prior Consultation Processor shall provide reasonable assistance to the Company with any data protection impact assessments, and prior consultations with Supervising Authorities or other competent data privacy authorities, which Company reasonably considers to be required by article 35 or 36 of the GDPR or equivalent provisions of any other Data Protection Law, in each case solely in relation to Processing of Company Personal Data by, and taking into account the nature of the Processing and information available to, the Contracted Processors.

  • Conformity Assessment Procedures 1. Each Party shall give positive consideration to accepting the results of conformity assessment procedures of other Parties, even where those procedures differ from its own, provided it is satisfied that those procedures offer an assurance of conformity with applicable technical regulations or standards equivalent to its own procedures. 2. Each Party shall seek to enhance the acceptance of the results of conformity assessment procedures conducted in the territories of other Parties with a view to increasing efficiency, avoiding duplication and ensuring cost effectiveness of the conformity assessments. In this regard, each Party may choose, depending on the situation of the Party and the specific sectors involved, a broad range of approaches. These may include but are not limited to: (a) recognition by a Party of the results of conformity assessments performed in the territory of another Party; (b) recognition of co-operative arrangements between accreditation bodies in the territories of the Parties; (c) mutual recognition of conformity assessment procedures conducted by bodies located in the territory of each Party; (d) accreditation of conformity assessment bodies in the territory of another Party; (e) use of existing regional and international multilateral recognition agreements and arrangements; (f) designating conformity assessment bodies located in the territory of another Party to perform conformity assessment; and (g) suppliers’ declaration of conformity. 3. Each Party shall exchange information with other Parties on its experience in the development and application of the approaches in Paragraph 2(a) to (g) and other appropriate approaches with a view to facilitating the acceptance of the results of conformity assessment procedures. 4. A Party shall, upon request of another Party, explain its reasons for not accepting the results of any conformity assessment procedure performed in the territory of that other Party.

  • Risk Assessment An assessment of any risks inherent in the work requirements and actions to mitigate these risks.

  • Rights Protection Mechanisms and Abuse Mitigation ­‐ Registry Operator commits to implementing and performing the following protections for the TLD: i. In order to help registrars and registrants identify inaccurate data in the Whois database, Registry Operator will audit Whois data for accuracy on a statistically significant basis (this commitment will be considered satisfied by virtue of and for so long as ICANN conducts such audits). ii. Work with registrars and registrants to remediate inaccurate Whois data to help ensure a more accurate Whois database. Registry Operator reserves the right to cancel a domain name registration on the basis of inaccurate data, if necessary. iii. Establish and maintain a Domains Protected Marks List (DPML), a trademark protection service that allows rights holders to reserve registration of exact match trademark terms and terms that contain their trademarks across all gTLDs administered by Registry Operator under certain terms and conditions. iv. At no cost to trademark holders, establish and maintain a Claims Plus service, which is a notice protection mechanism that begins at the end of ICANN’s mandated Trademark Claims period. v. Bind registrants to terms of use that define and prohibit illegal or abusive activity. vi. Limit the use of proxy and privacy registration services in cases of malfeasance. vii. Consistent with the terms of this Registry Agreement, reserve the right to exclude from distribution any registrars with a history of non-­‐compliance with the terms of the Registrar Accreditation Agreement. viii. Registry Operator will be properly resourced to perform these protections.

  • Proposed Policies and Procedures Regarding New Online Content and Functionality By October 31, 2017, the School will submit to OCR for its review and approval proposed policies and procedures (“the Plan for New Content”) to ensure that all new, newly-added, or modified online content and functionality will be accessible to people with disabilities as measured by conformance to the Benchmarks for Measuring Accessibility set forth above, except where doing so would impose a fundamental alteration or undue burden. a) When fundamental alteration or undue burden defenses apply, the Plan for New Content will require the School to provide equally effective alternative access. The Plan for New Content will require the School, in providing equally effective alternate access, to take any actions that do not result in a fundamental alteration or undue financial and administrative burdens, but nevertheless ensure that, to the maximum extent possible, individuals with disabilities receive the same benefits or services as their nondisabled peers. To provide equally effective alternate access, alternates are not required to produce the identical result or level of achievement for persons with and without disabilities, but must afford persons with disabilities equal opportunity to obtain the same result, to gain the same benefit, or to reach the same level of achievement, in the most integrated setting appropriate to the person’s needs. b) The Plan for New Content must include sufficient quality assurance procedures, backed by adequate personnel and financial resources, for full implementation. This provision also applies to the School’s online content and functionality developed by, maintained by, or offered through a third-party vendor or by using open sources. c) Within thirty (30) days of receiving OCR’s approval of the Plan for New Content, the School will officially adopt, and fully implement the amended policies and procedures.

  • Environmental and Social Safeguards All of the Projects will be implemented in compliance with the MCC Environmental Guidelines and the MCC Gender Policy, and any resettlement will be carried out in accordance with the World Bank’s Operational Policy on Involuntary Resettlement in effect as of July 2007 (“OP 4.12”) in a manner acceptable to MCC. In accordance with its policies, the Government will ensure that the Projects comply with all national environmental laws and regulations, licenses and permits, except to the extent such compliance would be inconsistent with this Compact. Specifically, the Government will: (a) cooperate with or complete, as the case may be, any ongoing environmental assessments, or if necessary undertake and complete any additional environmental assessments, social assessments, environmental management plans, environmental and social audits, resettlement policy frameworks, and resettlement action plans required under the laws of Indonesia, the MCC Environmental Guidelines, this Compact, the PIA, or any Supplemental Agreement, or as otherwise required by MCC, each in form and substance satisfactory to MCC; (b) ensure that Project-specific environmental and social management plans are developed and all relevant measures contained in such plans are integrated into project design, the applicable procurement documents and associated finalized contracts, in each case, in form and substance satisfactory to MCC; and (c) implement to MCC’s satisfaction appropriate environmental and social mitigation measures identified in such assessments or plans. Unless MCC agrees otherwise in writing, the Government will fund all necessary costs of environmental and social mitigation measures (including, without limitation, costs of resettlement) not specifically provided for, or that exceed the MCC Funding specifically allocated for such costs in, the Detailed Financial Plan for any Project. To maximize the positive social impacts of the Projects, address cross-cutting social and gender issues such as human trafficking, child and forced labor, and HIV/AIDS, and to ensure compliance with the MCC Gender Policy, the Government will: (x) develop a comprehensive social and gender integration plan which, at a minimum, identifies approaches for regular, meaningful and inclusive consultations with women and other vulnerable/underrepresented groups, consolidates the findings and recommendations of Project-specific social and gender analyses and sets forth strategies for incorporating findings of the social and gender analyses into final Project designs as appropriate (“Social and Gender Integration Plan”); and (y) ensure, through monitoring and coordination during implementation, that final Activity designs, construction tender documents and implementation plans are consistent with and incorporate the outcomes of the social and gender analyses and social and gender integration plan. To address gender concerns that impact women’s ability to participate across Projects, MCA- Indonesia will adopt a detailed workplan, subject to MCC approval, for gender work to be undertaken at the policy, institutional capacity building and community levels (the “Targeted Gender Activities”). Xxxxx XX sets forth the MCC Funding allocated for the performance of the Targeted Gender Activities. Prior to the second disbursement of MCC Funding for the Targeted Gender Activities, MCA-Indonesia shall have completed detailed action plans and provided evidence of demonstrated commitment of relevant stakeholders to addressing policy constraints identified in the workplan.

  • New Hampshire Specific Data Security Requirements The Provider agrees to the following privacy and security standards from “the Minimum Standards for Privacy and Security of Student and Employee Data” from the New Hampshire Department of Education. Specifically, the Provider agrees to: (1) Limit system access to the types of transactions and functions that authorized users, such as students, parents, and LEA are permitted to execute; (2) Limit unsuccessful logon attempts; (3) Employ cryptographic mechanisms to protect the confidentiality of remote access sessions; (4) Authorize wireless access prior to allowing such connections; (5) Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity; (6) Ensure that the actions of individual system users can be uniquely traced to those users so they can be held accountable for their actions; (7) Establish and maintain baseline configurations and inventories of organizational systems (including hardware, software, firmware, and documentation) throughout the respective system development life cycles; (8) Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services; (9) Enforce a minimum password complexity and change of characters when new passwords are created; (10) Perform maintenance on organizational systems; (11) Provide controls on the tools, techniques, mechanisms, and personnel used to conduct system maintenance; (12) Ensure equipment removed for off-site maintenance is sanitized of any Student Data in accordance with NIST SP 800-88 Revision 1; (13) Protect (i.e., physically control and securely store) system media containing Student Data, both paper and digital; (14) Sanitize or destroy system media containing Student Data in accordance with NIST SP 800-88 Revision 1 before disposal or release for reuse; (15) Control access to media containing Student Data and maintain accountability for media during transport outside of controlled areas; (16) Periodically assess the security controls in organizational systems to determine if the controls are effective in their application and develop and implement plans of action designed to correct deficiencies and reduce or eliminate vulnerabilities in organizational systems; (17) Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems; (18) Deny network communications traffic by default and allow network communications traffic by exception (i.e., deny all, permit by exception); (19) Protect the confidentiality of Student Data at rest; (20) Identify, report, and correct system flaws in a timely manner; (21) Provide protection from malicious code (i.e. Antivirus and Antimalware) at designated locations within organizational systems; (22) Monitor system security alerts and advisories and take action in response; and (23) Update malicious code protection mechanisms when new releases are available.

  • Contractor Responsibility and Debarment The following requirements set forth in the County’s Non-Responsibility and Debarment Ordinance (Title 2, Chapter 2.202 of the County Code) are effective for this Agreement, except to the extent applicable State and/or federal laws are inconsistent with the terms of the Ordinance. A. A responsible Contractor is a Contractor who has demonstrated the attribute of trustworthiness, as well as quality, fitness, capacity and experience to satisfactorily perform the contract. It is the County’s policy to conduct business only with responsible contractors. B. The Contractor is hereby notified that, in accordance with Chapter 2.202 of the County Code, if the County acquires information concerning the performance of the Contractor on this or other Agreements which indicates that the Contractor is not responsible, the County may, in addition to other remedies provided in the Agreement, debar the Contractor from bidding or proposing on, or being awarded, and/or performing work on County Agreements for a specified period of time, which generally will not exceed five years but may exceed five years or be permanent if warranted by the circumstances, and terminate any or all existing Agreements the Contractor may have with the County. C. The County may debar a Contractor if the Board of Supervisors finds, in its discretion, that the Contractor has done any of the following: (1) violated a term of an Agreement with the County or a nonprofit corporation created by the County; (2) committed an act or omission which negatively reflects on the Contractor’s quality, fitness or capacity to perform a contract with the County, any other public entity, or a nonprofit corporation created by the County, or engaged in a pattern or practice which negatively reflects on same; (3) committed an act or offense which indicates a lack of business integrity or business honesty, or (4) made or submitted a false claim against the County or any other public entity. D. If there is evidence that the Contractor may be subject to debarment, the Department will notify the Contractor in writing of the evidence which is the basis for the proposed debarment and will advise the Contractor of the scheduled date for a debarment hearing before the Contractor Hearing Board. E. The Contractor Hearing Board will conduct a hearing where evidence on the proposed debarment is presented. The Contractor and/or the Contractor’s representative shall be given an opportunity to submit evidence at that hearing. After the hearing, the Contractor Hearing Board shall prepare a tentative proposed decision, which shall contain a recommendation regarding whether the contractor should be debarred, and, if so, the appropriate length of time of the debarment. The Contractor and the Department shall be provided an opportunity to object to the tentative proposed decision prior to its presentation to the Board of Supervisors. F. After consideration of any objections, or if no objections are submitted, a record of the hearing, the proposed decision and any other recommendation of the Contractor Hearing Board shall be presented to the Board of Supervisors. The Board of Supervisors shall have the right to modify, deny or adopt the proposed decision and recommendation of the Hearing Board. G. If a Contractor has been debarred for a period longer than five (5) years, that Contractor may, after the debarment has been in effect for at least five (5) years, submit a written request for review of the debarment determination to reduce the period of debarment or terminate the debarment. The County may, in its discretion, reduce the period of debarment or terminate the debarment if it finds that the Contractor has adequately demonstrated one or more of the following: (1) elimination of the grounds for which the debarment was imposed; (2) a bona fide change in ownership or management; (3) material evidence discovered after debarment was imposed; or (4) any other reason that is in the best interests of the County. H. The Contractor Hearing Board will consider a request for review of a debarment determination only where (1) the Contractor has been debarred for a period longer than five (5) years; (2) the debarment has been in effect for at least five (5) years; and (3) the request is in writing, states one or more of the grounds for reduction of the debarment period or termination of the debarment, and includes supporting documentation. Upon receiving an appropriate request, the Contractor Hearing Board will provide notice of the hearing on the request. At the hearing, the Contractor Hearing Board shall conduct a hearing where evidence on the proposed reduction of debarment period or termination of debarment is presented. This hearing shall be conducted and the request for review decided by the Contractor Hearing Board pursuant to the same procedures as for a debarment hearing. I. The Contractor Hearing Board’s proposed decision shall contain a recommendation on the request to reduce the period of debarment or terminate the debarment. The Contractor Hearing Board shall present its proposed decision and recommendation to the Board of Supervisors. The Board of Supervisors shall have the right to modify, deny, or adopt the proposed decision and recommendation of the Contractor Hearing Board. J. These terms shall also apply to subcontractors of County Contractors.

  • Contractor Sales Reporting Vendor Management Fee Contractor Reports Master Contract Sales Reporting. Contractor shall report total Master Contract sales quarterly to Enterprise Services, as set forth below. Master Contract Sales Reporting System. Contractor shall report quarterly Master Contract sales in Enterprise Services’ Master Contract Sales Reporting System. Enterprise Services will provide Contractor with a login password and a vendor number. The password and vendor number will be provided to the Sales Reporting Representative(s) listed on Contractor’s Bidder Profile. Data. Each sales report must identify every authorized Purchaser by name as it is known to Enterprise Services and its total combined sales amount invoiced during the reporting period (i.e., sales of an entire agency or political subdivision, not its individual subsections). The “Miscellaneous” option may be used only with prior approval by Enterprise Services. Upon request, Contractor shall provide contact information for all authorized purchasers specified herein during the term of the Master Contract. If there are no Master Contract sales during the reporting period, Contractor must report zero sales. Due dates for Master Contract Sales Reporting. Quarterly Master Contract Sales Reports must be submitted electronically by the following deadlines for all sales invoiced during the applicable calendar quarter: March 31: April 30 June 30: July 31 September 30: October 31 December 31: January 31 Vendor Management Fee. Contractor shall pay to Enterprise Services a vendor management fee (“VMF”) of 1.50 percent on the purchase price for all Master Contract sales (the purchase price is the total invoice price less applicable sales tax). The sum owed by Contractor to Enterprise Services as a result of the VMF is calculated as follows: Amount owed to Enterprise Services = Total Master Contract sales invoiced (not including sales tax) x .0150. The VMF must be rolled into Contractor’s current pricing. The VMF must not be shown as a separate line item on any invoice unless specifically requested and approved by Enterprise Services. Enterprise Services will invoice Contractor quarterly based on Master Contract sales reported by Contractor. Contractors are not to remit payment until they receive an invoice from Enterprise Services. Contractor’s VMF payment to Enterprise Services must reference this Master Contract number, work request number (if applicable), the year and quarter for which the VMF is being remitted, and the Contractor’s name as set forth in this Master Contract, if not already included on the face of the check. Failure to accurately report total net sales, to submit a timely usage report, or remit timely payment of the VMF, may be cause for Master Contract termination or the exercise of other remedies provided by law. Without limiting any other available remedies, the Parties agree that Contractor’s failure to remit to Enterprise Services timely payment of the VMF shall obligate Contractor to pay to Enterprise Services, to offset the administrative and transaction costs incurred by the State to identify, process, and collect such sums. The sum of $200.00 or twenty-five percent (25%) of the outstanding amount, whichever is greater, or the maximum allowed by law, if less. Enterprise Services reserves the right, upon thirty (30) days advance written notice, to increase, reduce, or eliminate the VMF for subsequent purchases, and reserves the right to renegotiate Master Contract pricing with Contractor when any subsequent adjustment of the VMF might justify a change in pricing. Annual Master Contract Sales Report. Upon request, Contractor shall provide to Enterprise Services a detailed annual Master Contract sales report. Such report shall include, at a minimum: Product description, part number or other Product identifier, per unit quantities sold, and Master Contract price. This report must be provided in an electronic format that can be read by compatible with MS Excel. Small Business Inclusion. Upon Request by Enterprise Services, Contractor shall provide, within thirty (30) days, an Affidavit of Amounts Paid. Such Affidavit of Amounts Paid either shall state, if applicable, that Contractor still maintains its MWBE certification or state that its subcontractor(s) still maintain(s) its/their MWBE certification(s) and specify the amounts paid to each certified MWBE subcontractor under this Master Contract. Contractor shall maintain records supporting the Affidavit of Amounts Paid in accordance with this Master Contract’s records retention requirements.

Draft better contracts in just 5 minutes Get the weekly Law Insider newsletter packed with expert videos, webinars, ebooks, and more!