GDPR Privacy Policy Acceptance Recording and Registry #2658
Labels
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Current behavior
Following EAT legal GDPR compliance setup, it has been defined that for each Privacy Policy Acceptance, it shall be retained a registry keeping a trace of the acceptance of the policy, accordingly to those specification:
"It should be generated and kept (three years) a trace of acceptance of the Policy, with at least
the following data:
o Identification of the petitioner, in a proper way, unless it is an anonymous report or
complaint.
o Date (day, month, year) and time (hour and minute) when the acceptance is provided.
o Text accepted, or at least the information to identify the text accepted, e.g. title and
version."
The Registry shall be available for consultation by the admin and/or by a dedicated user representing the DPO of the organization, as a way to let any whistleblower to exercise their GDPR-related rights (data inquiry, data cancellation, etc), if requested.
The registry shall be subject to a dedicated data retention policy, different from the one of the whistleblowing reports.
For EAT project it has been defined:
The text was updated successfully, but these errors were encountered: