Package GDPR

R-HuSDPoS

Finds a Stakeholder operating a Process that is using Special Category Data relating to a Human data subject, where the subject operates the Service providing (and controlling) access to the data.

R-HuSDPS

Finds a Stakeholder operating a Process that is using Special Category Data relating to a Human data subject.

R-NDFHu

Finds nationally regulated personal data being transferred across a border.

MP-HuSDPoS-i

Finds a Stakeholder operating a Process that is using Special Category Data relating to a Human data subject, where the subject operates the Service providing (and controlling) access to the data but not the Process using it.

MP-HuSDPS-io

Finds a Stakeholder operating a Process that is using Special Category Data relating to a Human data subject who is not operating the process providing access to the data.

MP-NDFHuoO

Finds nationally regulated personal data being transferred across a border to a process that optionally has an operator organisation.

(empty)

D.GDPR.DFHuoO.1

Personal data Data related to DataSubject transferred across borders: since the data subject DataSubject is subject to the GDPR, their data Data should not be communicated by process FlowsFrom across a border to process Process in jurisdiction RemoteJurisdiction unless the GDPR is in force or equivalent protection is provided.

D.GDPR.DSHuoO.1

Personal data Data related to DataSubject is communicated across borders: since the data subject DataSubject is subject to the GDPR, their data Data it should not be communicated via process Process in jurisdiction RemoteJurisdiction that does not enforce the GDPR or equivalent protection, without suitable protection measures.

D.GDPR.HuDP-St.1

Personal data Data has no data controller: under the GDPR, a data controller (a person or in most cases, an organisation) who alone or jointly with others, determines the purposes and means of the processing of personal data, and has certain responsibilities defined by Article 24. Data Data relates to the data subject DataSubject and is subject to the GDPR so there should be a controller. Add an organisation or user if not already included, and a hasController relationship from Data to its data controller.

D.GDPR.HuDSH-St.1

Personal data Data has no data controller: under the GDPR, a data controller (a person or in most cases, an organisation) who alone or jointly with others, determines the purposes and means of the processing of personal data, and has certain responsibilities defined by Article 24. Data Data relates to the data subject DataSubject and is subject to the GDPR, so there should be a controller. Add an organisation or user if not already included, and a hasController relationship from Data to its data controller.

D.GDPR.NDFHuoO.1

Nationally regulated personal data Data is transferred across borders: since Data related to DataSubject is subject to national regulations even under the GDPR, it should not be transferred by process FlowsFrom in jurisdiction Jurisdiction to process Process operating in jurisdiction RemoteJurisdiction without suitable analysis of the national regulations in both jurisdictions.

H.GDPR.HuDSHoJoSt.1

Personal data Data should be stored in a suitable location: since Data relating to DataSubject is subject to the GDPR, it should be stored in a device in a GDPR-compliant jurisdiction or run by a Privacy Shield approved operator. If neither of these regulatory/contractual solutions are available, you need to store the data on a different device.

P.GDPR.Hu-aDoPS-o.8

Extra measures are needed for Service to store Data related to DataSubject who may be a child: the legal basis for this data processing Data relating to DataSubject under the GDPR is consent, but DataSubject may be a child, so additional measures are necessary for their consent to be valid. If DataSubject cannot be a child, then change them from type Human to type Adult to eliminate this threat.

P.GDPR.Hu-aDPoS-i.8

Extra measures are needed for Process to use Data related to DataSubject who may be a child: the legal basis for this data processing under the GDPR is consent, but the subject DataSubject may be a child, so additional measures are necessary for their consent to be valid. If DataSubject cannot be a child, then change them from type Human to type Adult to eliminate this threat.

P.GDPR.Hu-aDPS-io.8

Extra measures are needed for Process to use Data related to DataSubject who may be a child: the legal basis for this data processing under the GDPR is consent, but the subject DataSubject may be a child, so additional measures are necessary for their consent to be valid. If DataSubject cannot be a child, then change them from type Human to type Adult to eliminate this threat.

P.GDPR.HuDoPS-o.6

Lack of legal basis to store Data related to DataSubject at Service: since data Data is related to a person DataSubject who is a citizen or resident in a state where the GDPR applies, a legal basis is required to collect and process their data. In this case the subject controls a process that is using the data, but not the service where it is stored, so consent is still needed to manage the data on their behalf.

P.GDPR.HuDPoJoSt.1

Personal data Data related to DataSubject should be processed in a suitable location: since Data relating to DataSubject is subject to the GDPR, it should be processed in a GDPR-compliant jurisdiction or by a Privacy Shield approved operator. If neither of these regulatory/contractual solutions are available, you need to move the process to a different host, or move the host.

P.GDPR.HuDPoS-i.6

Lack of legal basis for use of Data related to DataSubject by Process: since the data is related to a person DataSubject who is a citizen or resident in a state where the GDPR applies, a legal basis is required to process the data. Since DataSubject controls the device where the data is stored, this can only be by consent or to protect vital interests if incapacitated.

P.GDPR.HuDPS-io.6

Lack of legal basis for use of Data related to DataSubject by Process: since the data is related to a person who is a citizen or resident in a state where the GDPR applies, a legal basis is required to process the data.

P.GDPR.HuSDPoS-i.9

Condition for processing special category data Data related to DataSubject: since the data Data being processed is special category data, it may be necessary to obtain consent from the data subject DataSubject even if the legal basis for processing is not based on consent.

P.GDPR.HuSDPS-io.9

Condition for processing special category Data related to DataSubject: since the data Data being processed is special category data, it may be necessary to obtain consent from the data subject DataSubject even if the legal basis for processing is not based on consent.

(empty)

CSG-GDPR-Art6-1-a	Processing and/or storage of *Data* by consent of the data subject *DataSubject, by including a means for them to express consent via their interface to the system, maintaining an access control policy for Data* based on their consent decisions, and enforcing the policy using an enforcement point in the data access path at *Service*.
CSG-GDPR-Art6-1-a-p	Processing of *Data* by consent of the data subject *DataSubject, where they have control over the device SHost* providing the data, and so can enforce restrictions consistent with their own consent decisions. It is still necessary to have a consent interface, but policy enforcement is up to the data subject.
CSG-GDPR-Art6-1-bcef	Processing of *Data* under GDPR Art 6.1b (performance of a contract), Art 6.1c (to comply with regulation), Art 6.1e (in the public interest) or Art 6.1f (legitimate interests). The Governance control means process *Process* has analysed by the relevant experts and documented the case for it being considered lawful under one of these provisions. Access to the data must still be logged by its storage device *SHost*.
CSG-GDPR-Art6-1-d	Processing of *Data* under GDPR Art 6.1d (protection of vital interests). The Vital Interests control means process *Process* has analysed by the relevant experts and documented the case for it being considered necessary to protect the vital interests of the data subject or another natural person. Access to the data must still be logged by its storage device *SHost*.
CSG-GDPR-Art6-1-d-p	Processing of *Data* under GDPR Art 6.1d (protection of vital interests). The Vital Interests control means process *Process* has analysed by the relevant experts and documented the case for it being considered necessary to protect the vital interests of the data subject or another natural person.
CSG-GDPR-Art8-2	Processing of personal data by consent is legal if the subject *DataSubject* is old enough (16+ or a lower limit in some states). The user interface for role *DataSubject* should include measures to ensure this. Competence Check represents a check whether *DataSubject* is old enough to provide consent, Guardian Consent signifies that reasonable efforts must be made to get authorisation from their legal guardian where this proves not to be the case.
CSG-GDPR-Art9-2-c	Processing of special category data *Data* to protect vital interests must have the consent of the data subject *DataSubject* if they are in a position to make a consent decision. One must check their competence to make such a decision, and provide a consent interface to support this if they can. The data *Data* must then be protected by a policy managed according to their consent decision(s) and linked to their data, with an enforcement point at *Service*, the process accessing their data. If the subject cannot provide a consent decision, it is legal to proceed, so there should be a way to bypass the enforcement point only in that case via a break the glass protocol. Finally, access to the data must be logged (including use of this override).
CSG-GDPR-Art9-2-c-p	Processing of special category data *Data* to protect vital interests must have the consent of the data subject *DataSubject* if they are in a position to make a consent decision. One must check their competence to make such a decision, and provide an interface that explains the purpose of processing. Enforcement can be handled by the *DataSubject* if they control the storage device, consent being inferred if they allow access. If they are not able to provide a consent decision, it is legal to take their device and access it outside their control.
CSG-GDPRAtJurisdiction	The jurisdiction *Jurisdiction* is subject to the GDPR.
CSG-GDPRAtRemoteJurisdiction	The jurisdiction *RemoteJurisdiction* is subject to the GDPR.
CSG-GDPRAtSourceJurisdiction	The jurisdiction *Jurisdiction* is subject to the GDPR.
CSG-GDPRAtSubject	The person *DataSubject* is a citizen or resident of a state that is subject to the GDPR.
CSG-GDPRDataFlowGovernance	The flow of data *Data* between *FlowsFrom* and *Process* has been analysed by legal experts and found to be compliant with the GDPR.
CSG-GDPRPrivacyShieldAtOrganisation	Organisation *Operator* has Privacy Shield status under the GDPR, i.e. they are committed to respect and uphold the GDPR when handling personal data from EU citizens and residents, even though they are based outside the EU.
CSG-GDPRSuspendDataFlow	The flow of data *Data* from *FlowsFrom* to *Process* can be temporarily disabled by the manager *Human1* of *FlowsFrom* to prevent a breach of GDPR regulations by its transmission to *Process*. This strategy represents a contingency plan, which can be used to prevent such a breach, but it may also trigger other threats representing possible side effects.
CSG-GDPRSuspendDataFlow-Implementation-Runtime	The flow of data *Data* from *FlowsFrom* to *Process* has been disabled by *Human1* to prevent a breach of the GDPR. This strategy represents activation of a contingency plan at runtime, and can be selected to discover what effect this would have on risk levels, allowing this to be used for decision support calculations. To activate it at runtime, signal user *Human1* who is responsible for managing the service *FlowsFrom*.

GDPRComplianceTraining	The user has undergone training in operational management measures relevant to GDPR compliance for this system, e.g. when and how to suspend the flow of data to prevent breaches of GDPR restrictions. This control can only be applied to an Adult user.
GDPRGovernance	The process or data exchange has been examined by lawyers and found to be legal under the GDPR. Used where compliance does not depend only on technical measures.
GDPRPrivacyShield	The organisation is registered under the Privacy Shield scheme and so can legally handle personal data under the GDPR despite being outside the EU.
SubjectToGDPR	The jurisdiction is subject to the GDPR. That is to say, it is an EU member, EEA member, or other state (e.g. a Dependency), such that the GDPR applies to any personal data relating to its citizens and residents.

(empty)

GDPRArt94Data	A parent class for certain types of data indicating the data is subject to national as well as European regulation under GDPR Article 9.4.
GDPRArt9Data	A parent class for certain types of data indicating the data is subject to additional data protection measures under the EU Regulation GDPR Article 9.
SpecialCategoryData	Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, or data concerning a natural person's sex life or sexual orientation. These categories of data are subject to GDPR Art 9, along with biometric, genetic and health data all of which are presented using separate specialised classes.

(empty)

Package GDPR

Root Patterns (3)

R-HuSDPoS

R-HuSDPS

R-NDFHu

Matching Patterns (3)

MP-HuSDPoS-i

MP-HuSDPS-io

MP-NDFHuoO

Construction Patterns (0)

Threat Patterns (15)

D.GDPR.DFHuoO.1

D.GDPR.DSHuoO.1

D.GDPR.HuDP-St.1

D.GDPR.HuDSH-St.1

D.GDPR.NDFHuoO.1

H.GDPR.HuDSHoJoSt.1

P.GDPR.Hu-aDoPS-o.8

P.GDPR.Hu-aDPoS-i.8

P.GDPR.Hu-aDPS-io.8

P.GDPR.HuDoPS-o.6

P.GDPR.HuDPoJoSt.1

P.GDPR.HuDPoS-i.6

P.GDPR.HuDPS-io.6

P.GDPR.HuSDPoS-i.9

P.GDPR.HuSDPS-io.9

Misbehaviour (0)

Control Strategies (16)

Controls (4)

Roles (0)

Assets (3)

Trustworthiness Attributes (0)