Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Data Manaement with Semantic MediaWiki - fulfilling GPDR requirements

165 views

Published on

The General Data Protection Regulation of the EU requires organisations to document "Records of Processing Activities" - a job that can easily be done by SMW

Published in: Law
  • Be the first to comment

  • Be the first to like this

Data Manaement with Semantic MediaWiki - fulfilling GPDR requirements

  1. 1. www.kdz.or.atwww.kdz.or.at October 5th, 2017 SMWCon Fall 2017 Bernhard Krabina Data Management with SMW: fulfilling GDPR requirements
  2. 2. www.kdz.or.at Introduction  KDZ – Centre for Public Administration Research  Open Knowledge – Austrian Chapter  Semantic MediaWiki  https://www.meetup.com/de- DE/Semantic-MediaWiki-Austria/ 05. Oktober 2017 · Seite 2
  3. 3. www.kdz.or.at „Data centric“ management  Smart City/Big Data: Data that are/soon will be available  Open (Government) Data: First datasets are easy to publish. How to move on?  Public Sector Information (PSI) directive: Remove barriers that hinder the re-use of public sector information.  Freedom of Information vs. Official secrecy: „Register of data“ – what is available?  General Data Protection Regulation (GDPR): from May 2018: Records of processing activities 05. Oktober 2017 · Seite 3
  4. 4. www.kdz.or.at Need for Professional Internal Data Monitoring 4. Oktober 2012 · Seite 4 http://www.kdz.eu/en/open-government-implementation-model
  5. 5. www.kdz.or.at Internal data inventory vs. published data catalogue 05. Oktober 2017 · Seite 5
  6. 6. www.kdz.or.at Ratings based on 8 criteria, why or why not a dataset can be published 05. Oktober 2017 · Seite 6 Non-disclosure/legal restrictions Personal references Copyright Value Effort Content-related data quality Technical availability Synergy Rating sum: Rating by: RateCapture Publish
  7. 7. www.kdz.or.at GDPR: General Data Protection Regulation 05. Oktober 2017 · Seite 7  Effective from May 25, 2018  No need for legal implementation in Member states  Article 30 Records of Processing Activities  Processing Register, Data Flow Chart, Data Mapping, Data Inventory, Data Index  Privacy Impact Assessments
  8. 8. www.kdz.or.at Article 30 Records of Processing Activities  companies with < 250 employees are exempt  records shall be in writing, including in electronic form  shall make the record available to the supervisory authority on request 05. Oktober 2017 · Seite 8
  9. 9. www.kdz.or.at Article 30 Records of Processing Activities  Record includes  name and contact details of the controller (joint controller, controller's representative and the data protection officer);  purposes of the processing;  description of the categories of data subjects and of the categories of personal data;  categories of recipients to whom the personal data have been or will be disclosed;  transfers of personal data to a third country or an international organisation,  where possible, the envisaged time limits for erasure of the different categories of data;  where possible, a general description of the technical and organisational security measures referred to in Article 32(1). 05. Oktober 2017 · Seite 9
  10. 10. www.kdz.or.at Your options?  Create tons of documents and throw a DMS at them  Use a smart SMW installation 05. Oktober 2017 · Seite 10
  11. 11. www.kdz.or.at Contact 4. Oktober 2012 · Seite 11 Bernhard Krabina  krabina@kdz.or.at  www.kdz.or.at  @krabina

×