Control SubjectToGDPR

URI: SubjectToGDPR

Package: GDPR


Description: The jurisdiction is subject to the GDPR. That is to say, it is an EU member, EEA member, or other state (e.g. a Dependency), such that the GDPR applies to any personal data relating to its citizens and residents.

Human

An individual user role within the socio-technical system that uses and/or manages assets.

Jurisdiction

Represents a specific set of regulations to which part or all of a system may be subject. The regulations themselves may come from several sources, e.g. EU and national laws may both apply to parts of a system in a given member state.

CSG-GDPR-Art6-1-a

Processing and/or storage of Data by consent of the data subject DataSubject, by including a means for them to express consent via their interface to the system, maintaining an access control policy for Data based on their consent decisions, and enforcing the policy using an enforcement point in the data access path at Service.

CSG-GDPR-Art6-1-a-p

Processing of Data by consent of the data subject DataSubject, where they have control over the device SHost providing the data, and so can enforce restrictions consistent with their own consent decisions. It is still necessary to have a consent interface, but policy enforcement is up to the data subject.

CSG-GDPR-Art6-1-bcef

Processing of Data under GDPR Art 6.1b (performance of a contract), Art 6.1c (to comply with regulation), Art 6.1e (in the public interest) or Art 6.1f (legitimate interests). The Governance control means that the process Process has been analysed by the relevant experts, who have documented the case for considering it lawful under one of these provisions. Access to the data must still be logged by its storage device SHost.

CSG-GDPR-Art6-1-d

Processing of Data under GDPR Art 6.1d (protection of vital interests). The Vital Interests control means that the process Process has been analysed by the relevant experts, who have documented the case for considering it necessary to protect the vital interests of the data subject or another natural person. Access to the data must still be logged by its storage device SHost.

CSG-GDPR-Art6-1-d-p

Processing of Data under GDPR Art 6.1d (protection of vital interests). The Vital Interests control means that the process Process has been analysed by the relevant experts, who have documented the case for considering it necessary to protect the vital interests of the data subject or another natural person.

CSG-GDPR-Art9-2-c

Processing of special category data Data to protect vital interests must have the consent of the data subject DataSubject if they are in a position to make a consent decision. One must check their competence to make such a decision, and provide a consent interface to support this if they can. The data Data must then be protected by a policy managed according to their consent decision(s) and linked to their data, with an enforcement point at Service, the process accessing their data. If the subject cannot provide a consent decision, it is legal to proceed, so there should be a way to bypass the enforcement point only in that case, via a break-the-glass protocol. Finally, access to the data must be logged (including any use of this override).

CSG-GDPR-Art9-2-c-p

Processing of special category data Data to protect vital interests must have the consent of the data subject DataSubject if they are in a position to make a consent decision. One must check their competence to make such a decision, and provide an interface that explains the purpose of processing. Enforcement can be handled by the DataSubject if they control the storage device, consent being inferred if they allow access. If they are not able to provide a consent decision, it is legal to take their device and access it outside their control.

CSG-GDPRAtJurisdiction

The jurisdiction Jurisdiction is subject to the GDPR.

CSG-GDPRAtRemoteJurisdiction

The jurisdiction RemoteJurisdiction is subject to the GDPR.

CSG-GDPRAtSourceJurisdiction

The jurisdiction Jurisdiction is subject to the GDPR.

CSG-GDPRAtSubject

The person DataSubject is a citizen or resident of a state that is subject to the GDPR.