the CNIL adopts a standard relating to data processing

[ad_1]

The repository “is intended for private or public organizations, whatever their legal form, which welcome, house or support on a social and / or medico-social level the elderly, people with disabilities and those in difficulty” , explains the Cnil.

A non-exhaustive list of organizations concerned notably cites accommodation establishments for dependent elderly people (Ehpad), departmental homes for the disabled (MDPH), departmental councils, communal social action centers (CCAS), health home support assistance services (Saad) and health home nursing care (Ssiad).

“Excluded from the scope of the reference system, due to their specific features, are the processing carried out by private and / or public law bodies within the framework of the prevention and protection of children, and judicial representatives to the protection of adults. “

This repository is “a tool to help compliance with the regulations relating to the protection of personal data” implemented “commonly”.

It has “no binding value”.

“In principle, it makes it possible to ensure that the data processing carried out by organizations complies with the principles relating to data protection, in a context of changing practices in the digital age”, specifies the Cnil.

“Organizations which deviate from the standard with regard to the specific conditions relating to their situation may do so. They may nevertheless be asked to justify the existence of such a need and the measures implemented to ensure compliance. from processing to regulation, ”she emphasizes.

The repository “also provides assistance in carrying out a data protection impact assessment (DPIA), if it is necessary”.

It lists the processing purposes, that is to say the objectives making it possible to justify the implementation of data processing:

• “provide the services defined within the framework of a contract concluded between the organization and the person concerned or his legal representative and, where applicable, ensure the management of the administrative file of the person concerned”

• “instruct, manage and, where appropriate, obtain rights and / or pay legal and optional social benefits”

• “offer social and medico-social support adapted to the difficulties encountered […], ensure the follow-up of people in access to rights […] and, if necessary, directing people to the competent structures likely to take care of them “

• “exchange and share strictly necessary information […] allowing to guarantee the coordination and the continuity of the accompaniment and the follow-up of the people between the social, medical and paramedical interveners “

• “ensure the administrative, financial and accounting management of the establishment, service or body”

• “ensure the feedback of previously anonymized information to the competent authorities concerning serious malfunctions or events having the effect of threatening or compromising the health, safety or well-being of persons […], establish statistics, internal studies and satisfaction surveys for the purpose of evaluating the quality of activities and services and the needs to be covered “.

The document details, for each purpose, the different possible legal bases.

It also specifies the personal data concerned, including the processing of the social security number (NIR), sensitive data and data relating to criminal convictions and offenses.

Finally, the recipients of the data and the rules governing their access to information, the retention periods for the different types of data, the methods of informing individuals and their rights are listed.

(Official Journal, Tuesday 23 March, text 47)

[ad_2]