Campus check - GDPR
Does the campus have set up a generic address for data protection: dpo@campus.extension / dpo@campus.42.tech?
General: Does the campus have an internal policy for managing the rights of data subjects (right of access, deletion, etc.)?
*
General: Does the campus have an internal policy for managing the rights of data subjects (right of access, deletion, etc.)?
Data deletion: In order to delete data outside of 42 tools when a request for data deletion is received from the intranet, does the campus use the webhook provided by 42 Central?
*
Data deletion: In order to delete data outside of 42 tools when a request for data deletion is received from the intranet, does the campus use the webhook provided by 42 Central?
Can the campus confirm that the security measures listed below, in particular, have been implemented:
*
Can the campus confirm that the security measures listed below, in particular, have been implemented:
Does the campus have implemented a data retention policy?
*
Does the campus have implemented a data retention policy?
Does the campus have established processes to comply with the retention periods defined in Article 9.2 concerning candidates/students data when necessary?
*
Does the campus have established processes to comply with the retention periods defined in Article 9.2 concerning candidates/students data when necessary?
Subcontracting in the context of joint processings
Does the campus use third-party service providers/platforms in the context of joint processings activities?
*
Does the campus use third-party service providers/platforms in the context of joint processings activities?
Independent data processing
Does the campus inform the data subjects about how the data is processed for independent data processing (as defined in article 6.2. of the GDPR annex)?
*
Does the campus inform the data subjects about how the data is processed for independent data processing (as defined in article 6.2. of the GDPR annex)?
Does the campus have a data breach register in place? (French reference here)
*
Does the campus have a data breach register in place? (French reference here)
Have you been victim to a data breach involving joint processings data and activities?
*
Have you been victim to a data breach involving joint processings data and activities?
Has the campus been controlled by a supervisory authority in relation to joint processing activities?
*
Has the campus been controlled by a supervisory authority in relation to joint processing activities?
Has the campus communicated with a supervisory authority in relation to joint processings activities?
*
Has the campus communicated with a supervisory authority in relation to joint processings activities?
Has the campus been the subject of a complaint and/or report to a supervisory authority involving joint processings activities or likely to concern 42?
*
Has the campus been the subject of a complaint and/or report to a supervisory authority involving joint processings activities or likely to concern 42?
