The General Data Protection Regulation of the EU requires organisations to document "Records of Processing Activities", a job that can easily be done with Semantic MediaWiki (SMW).
2. www.kdz.or.at
Introduction
KDZ – Centre for Public Administration Research
Open Knowledge – Austrian Chapter
Semantic MediaWiki
https://www.meetup.com/de-DE/Semantic-MediaWiki-Austria/
5 October 2017 · Page 2
"Data-centric" management
Smart City/Big Data: Data that are/soon will be available
Open (Government) Data: First datasets are easy to publish. How to move on?
Public Sector Information (PSI) directive: Remove barriers that hinder the re-use of public sector information.
Freedom of Information vs. Official secrecy: "Register of data" – what is available?
General Data Protection Regulation (GDPR): from May 2018: Records of processing activities
Ratings based on 8 criteria, why or why not a dataset can be published
Non-disclosure/legal restrictions
Personal references
Copyright
Value
Effort
Content-related data quality
Technical availability
Synergy
Rating sum:
Rating by:
Rate, Capture, Publish
GDPR: General Data Protection Regulation
Effective from May 25, 2018
No need for legal implementation in Member states
Article 30 Records of Processing Activities
Processing Register, Data Flow Chart, Data Mapping, Data Inventory, Data Index
Privacy Impact Assessments
Article 30
Records of Processing Activities
companies with < 250 employees are exempt
records shall be in writing, including in electronic form
shall make the record available to the supervisory authority on request
Article 30
Records of Processing Activities
Record includes
name and contact details of the controller (joint controller, controller's representative and the data protection officer);
purposes of the processing;
description of the categories of data subjects and of the categories of personal data;
categories of recipients to whom the personal data have been or will be disclosed;
transfers of personal data to a third country or an international organisation;
where possible, the envisaged time limits for erasure of the different categories of data;
where possible, a general description of the technical and organisational security measures referred to in Article 32(1).