Skip to content

Instantly share code, notes, and snippets.



Last active Dec 27, 2018
What would you like to do?
# List here all data controllers
- name: Control Corporation
address: 42 control road, 75000 Paris, France
organisational_part: Control Part
contact_person: Jean-Claude Control
# That's all recipients for this data, wether internal database or an
# external provider.
# Reference name for this recipient
- name: project/api database
# Plain-text description of security measures
security: Secured by the production process
# Type of recipient (internal, eu, non_eu)
type: internal
# You must list here ALL operations on personal data
# Arbitrary name for ths processing
- name: Do stuff
# The controller here refers to the controllers list above
controller: Control Corporation
# Purpose
purpose: Because we need to do stuff
# Try to accurately describe the one or several types of people
# for which this data is being collected. It must be the most
# possibly precise description (you can't say just say "people")
- customers
# List of data fields you're storing. Naming up to you but please
# stay consistent within the project and across all projects if
# possible
- first_name
- last_name
- email
# Must be one of:
# - legal_obligation
# - contractual
# - vital
# - public_interest
# - legitimate_interest
# - consent
# See:
legal_basis: legal_obligation
# List all the places where this data is sent to, wether
# internal or not (if any). The name must match exactly the name
# found in the "recipients" section above.
- project/api database
# Time after which this data will be erased its accessed will be blocked
# from other parties. Of course, if this duration is reached, the erasure
# of this data should be implemented and garanteed.
# Format: never, 10 years, 10 months, 10 days, 10 hours, 10 minutes
expiration_time: 36 months
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment