-
Notifications
You must be signed in to change notification settings - Fork 25
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Representing Main Establishment and Lead SA as a concept #93
Comments
Is "main establishment" a GDPR-only concept? In any case, GDPR has a specific definition of "main establishment" as defined in Art.4-16, which necessitates representing it within DPV-GDPR. The role of "main establishment" can be on a case-by-case basis. Two properties are needed to specify main establishments:
Similarly, GDPR also has specific roles for authorities (e.g. see Art.60), which are expanded from
|
From Guidelines 3/2018 on the territorial scope of the GDPR (Article 3), it is clear that establishment is distinct and broader than subsidiary - and is an EU concept (Directive 95/46/EC Recital 19) as it can include a branch or a local office rather than require a subsidiary:
Further from the same guidelines:
GDPR Article 4-16a defines main establishments for controllers as:
And GDPR Recital 124 specifies the use of main establishment to decide the role of lead supervisory authority:
The concept From this, I suggest we model concepts as follows:
|
Comment by @coolharsh55 via IRC channel #dpvcg on irc.w3.org
|
Comment by @coolharsh55 via IRC channel #dpvcg on irc.w3.org concepts have been accepted in today's meeting and will be added to DPV-GDPR |
How to represent Main Establishment, Lead Supervisory Authority, and Concerned Supervisory Authority in the context of GDPR?
The text was updated successfully, but these errors were encountered: