Requirements | Controllers | Processors | Comment |
---|---|---|---|
Explicit Consent: data subjects to explicitly give their consent (declaratory statement or opt-in tick box) for processing their medical, genetic or biometric data | X | | |
Right to Data Portability: data subjects to have their personal data sent back to them so they can transmit it elsewhere more easily | X | | |
Right to Be Forgotten: data subjects to have their personal data erased without undue delay | X | | |
Right to Rectification: data subjects to obtain from the controller, without undue delay, the rectification of inaccurate personal data concerning them | X | | |
Right to Restriction of Processing: data subjects to obtain from the controller a restriction of processing under certain circumstances | X | | |
Subject Access Rights: a request to access data must be handled quickly (in less than one month) | X | | |
Appointment of a Data Protection Officer where medical, genetic or biometric data is processed on a large scale | X | X | |
Data Protection Impact Assessment: risk assessment of the impact of anticipated processing activities on personal, medical, genetic or biometric data | X | X | For telcos, this implies a certain level of parametrization of security policies in order to cope with different types of data |
Mandatory data breach reporting: breaches must be reported to a data protection regulator within 72 hours, and those affected by the breach must also be informed. | X | X | |
Anonymization: the method of processing personal data in order to irreversibly prevent identification. | X | X | |
Data confidentiality: protection of data from being accessed by unauthorised parties through e.g. pseudonymization and/or encryption of personal data | X | X | |
Data Integrity: maintenance of the accuracy and consistency of data throughout its entire life cycle | X | X | |
Integrity, availability and resilience of processing systems and services against accidental loss, destruction or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted personal data | X | X | For telcos, this requirement leads to a need for self-assessment of systems with respect to their ability to process the data according to regulatory rules |
Existence of a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing | X | X | For telcos, this means the ability to monitor security policies and assess their effectiveness |
Traceability: care providers to determine the initial source of the data, and what happened to it through its various locations and transformations. | X | X | For telcos this implies enhanced logging capabilities for highly secured communication services |