-
-
Save eRadical/d48326346689686062a853992b28482c to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| # List here all data controllers | |
| controllers: | |
| - name: Control Corporation | |
| address: 42 control road, 75000 Paris, France | |
| organisational_part: Control Part | |
| contact_person: Jean-Claude Control | |
| # That's all recipients for this data, wether internal database or an | |
| # external provider. | |
| recipients: | |
| # Reference name for this recipient | |
| - name: project/api database | |
| # Plain-text description of security measures | |
| security: Secured by the production process | |
| # Type of recipient (internal, eu, non_eu) | |
| type: internal | |
| # You must list here ALL operations on personal data | |
| operations: | |
| # Arbitrary name for ths processing | |
| - name: Do stuff | |
| # The controller here refers to the controllers list above | |
| controller: Control Corporation | |
| # Purpose | |
| purpose: Because we need to do stuff | |
| # Try to accurately describe the one or several types of people | |
| # for which this data is being collected. It must be the most | |
| # possibly precise description (you can't say just say "people") | |
| subjects: | |
| - customers | |
| # List of data fields you're storing. Naming up to you but please | |
| # stay consistent within the project and across all projects if | |
| # possible | |
| data: | |
| - first_name | |
| - last_name | |
| # Must be one of: | |
| # - legal_obligation | |
| # - contractual | |
| # - vital | |
| # - public_interest | |
| # - legitimate_interest | |
| # - consent | |
| # See: https://advisera.com/eugdpracademy/knowledgebase/is-consent-needed-six-legal-bases-to-process-data-according-to-gdpr/ | |
| legal_basis: legal_obligation | |
| # List all the places where this data is sent to, wether | |
| # internal or not (if any). The name must match exactly the name | |
| # found in the "recipients" section above. | |
| recipients: | |
| - project/api database | |
| # Time after which this data will be erased its accessed will be blocked | |
| # from other parties. Of course, if this duration is reached, the erasure | |
| # of this data should be implemented and garanteed. | |
| # Format: never, 10 years, 10 months, 10 days, 10 hours, 10 minutes | |
| expiration_time: 36 months | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment