Skip to content

Instantly share code, notes, and snippets.

@Xowap
Last active December 27, 2018 11:28
Show Gist options
  • Star 3 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save Xowap/d74bdedeca627e1778aef3196d99fac1 to your computer and use it in GitHub Desktop.
Save Xowap/d74bdedeca627e1778aef3196d99fac1 to your computer and use it in GitHub Desktop.
---
# List here all data controllers
controllers:
- name: Control Corporation
address: 42 control road, 75000 Paris, France
organisational_part: Control Part
contact_person: Jean-Claude Control
# That's all recipients for this data, wether internal database or an
# external provider.
recipients:
# Reference name for this recipient
- name: project/api database
# Plain-text description of security measures
security: Secured by the production process
# Type of recipient (internal, eu, non_eu)
type: internal
# You must list here ALL operations on personal data
operations:
# Arbitrary name for ths processing
- name: Do stuff
# The controller here refers to the controllers list above
controller: Control Corporation
# Purpose
purpose: Because we need to do stuff
# Try to accurately describe the one or several types of people
# for which this data is being collected. It must be the most
# possibly precise description (you can't say just say "people")
subjects:
- customers
# List of data fields you're storing. Naming up to you but please
# stay consistent within the project and across all projects if
# possible
data:
- first_name
- last_name
- email
# Must be one of:
# - legal_obligation
# - contractual
# - vital
# - public_interest
# - legitimate_interest
# - consent
# See: https://advisera.com/eugdpracademy/knowledgebase/is-consent-needed-six-legal-bases-to-process-data-according-to-gdpr/
legal_basis: legal_obligation
# List all the places where this data is sent to, wether
# internal or not (if any). The name must match exactly the name
# found in the "recipients" section above.
recipients:
- project/api database
# Time after which this data will be erased its accessed will be blocked
# from other parties. Of course, if this duration is reached, the erasure
# of this data should be implemented and garanteed.
# Format: never, 10 years, 10 months, 10 days, 10 hours, 10 minutes
expiration_time: 36 months
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment