Vault restructure
This commit is contained in:
parent
d45797d121
commit
ff77508bd1
1433 changed files with 415450 additions and 1201 deletions
|
|
@ -0,0 +1,101 @@
|
|||
|
||||
—> Datamodel uitbreiden met Volglijst GDPR (Excel sheet)
|
||||
|
||||
Entity:
|
||||
- has properties
|
||||
- every property has a ToDo flag and a ToDoDescription
|
||||
|
||||
Process:
|
||||
- has Name
|
||||
- has Owner
|
||||
- has Goal
|
||||
- has Scope
|
||||
- is part of Process
|
||||
- has SubProcesses
|
||||
- has DataProcessed
|
||||
- has LawfulBases
|
||||
- has Risks
|
||||
- has Transfers
|
||||
- has SubjectRightsProcedures
|
||||
- has RetentionPolicy
|
||||
- OrganisationActsAs (processor/controller)
|
||||
|
||||
If OrganisationActsAs Processor:
|
||||
- has DataProcessingAgreement with Controller
|
||||
|
||||
If OrganisationActsAs Controller:
|
||||
- has DataProcessingAgreement with Processor
|
||||
|
||||
|
||||
|
||||
|
||||
Controller:
|
||||
- has Name
|
||||
- has DataProcessingAgreement
|
||||
|
||||
Processor:
|
||||
- has Name
|
||||
- has DataProcessingAgreement
|
||||
|
||||
# Processor/Controller is entity with certain type of relationship with CurrentOrganisation
|
||||
|
||||
Owner:
|
||||
- has Name
|
||||
- has Role
|
||||
- has ContactData
|
||||
|
||||
DataProcessed:
|
||||
- of DataSubjects
|
||||
- has DataTypes (e.g. name, dateofbirth)
|
||||
- has DataSources
|
||||
- located in Assets
|
||||
|
||||
|
||||
DataSubject:
|
||||
- has RelationToProcessorOrController
|
||||
- has Category (vulnerability)
|
||||
-
|
||||
|
||||
DataTypes
|
||||
- has name (e.g. name, dateofbirth)
|
||||
- has Category (sensitivity)
|
||||
-
|
||||
|
||||
LawfulBasis:
|
||||
- has type
|
||||
|
||||
Risk:
|
||||
- has Description
|
||||
- has Safeguard
|
||||
|
||||
Transfers:
|
||||
- has TransferSource
|
||||
- has TransferSourceCountry
|
||||
- has TransferTarget
|
||||
- has TransferTargetCountry
|
||||
- has TransferMethod
|
||||
|
||||
|
||||
Asset:
|
||||
- has Category (laptop, software, service, storage, transmissionmethod, …)
|
||||
- has Location
|
||||
- has Identification (tag etc.)
|
||||
- has RemovalProcedure
|
||||
- has ThirdPartyAccess (e.g. suppliers, authorities, IT support company)
|
||||
- has AccessPolicy
|
||||
- has Owner/Administrator/User (needs work: think of BYOD laptop)
|
||||
- has LinkedAsset (e.g. SharePoint has connectors to Dropbox, OneDrive, etc. If there’s a breach at Dropbox it could impact SharePoint)
|
||||
|
||||
If Asset:Category is Service:
|
||||
- has Processor
|
||||
|
||||
SubjectRightsProcedures:
|
||||
- has Type (access, removal, portability, …)
|
||||
- has Notes
|
||||
- has Steps
|
||||
|
||||
RetentionPolicy:
|
||||
- has RemovalProcedure (per Asset where DataProcessed is located)
|
||||
|
||||
AccessPolicy:
|
||||
- has description
|
||||
Loading…
Add table
Add a link
Reference in a new issue