Mervinskiy 516

Page 25

DPIA Google G Suite Enterprise for SLM Rijk | 9 July 2020, with update 12 February 2021

Part A. Description processing

of

the

data

This first part of the DPIA provides a description of the characteristics of the personal data that may be generated and processed by Google as a result of the use of the G Suite Enterprise services. This Part A starts with a short description of the processing of different kinds of data. It continues with a description of the different categories of personal data that may be processed in the Diagnostic Data, the categories of data subjects that may be affected by the processing, the purposes of the processing by Google, the locations where data may be stored, processed and analysed, and the data protection roles of the government organisations and Google as data processor and/or as (joint) data controllers. Finally, this part A provides an overview of the different interests related to the processing, and of the retention periods.

1.

The processing of personal data This Section 1 provides a general overview of the risks caused by the processing of personal data resulting from the use of the G Suite Enterprise service. Figure 1: Customer Data, Functional Data and Diagnostic Data

Customer Data

p. 17/162

Functional Data

Diagnostic Data

Turn static files into dynamic content formats.

Create a flipbook

Articles inside

Conclusions

2min
page 170

17.4 Google measures 12 February 2021

19min
pages 161-169

16.3 Summary of risks

2min
pages 155-156

16.2 Assessment of Risks

36min
pages 142-154

15.7 Right to file a complaint

0
page 139

15.3 Right to access

5min
pages 136-137

14.3 Assessment of the subsidiarity

2min
page 134

14.1 The principle of proportionality

2min
page 130

14.2 Assessment of the proportionality

8min
pages 131-133

12.1 Transfer of special, sensitive, secret and confidential data to the USA

5min
pages 128-129

11.3 Google’s own legitimate business purposes

5min
pages 126-127

all Diagnostic Data

5min
pages 124-125

Services

22min
pages 116-123

Part B. Lawfulness of the data processing

2min
page 115

8.1 Anonymisation

15min
pages 106-111

6.3 Joint interests

11min
pages 101-105

6.2 Interests of Google

2min
page 100

6.1 Interests of the Dutch government organisations

2min
page 99

5.2 Data processor

5min
pages 88-89

5.3 Data controller

18min
pages 90-96

5.4 Joint controllers

5min
pages 97-98

4.4 Specific purposes Chrome OS and the Chrome browser

2min
page 86

5.1 Definitions

2min
page 87

4.3 Purposes Additional Services and Google Account, when not used in a Core Service

8min
pages 83-85

4.2 Purposes Google

13min
pages 77-82

4.1 Purposes government organisations

2min
page 76

2.5 Types of personal data and data subjects

7min
pages 60-62

3.2 Privacy controls administrators

7min
pages 70-75

3.1 Privacy controls G Suite account for end users

9min
pages 63-69

2.3 Outgoing traffic analysis

8min
pages 52-55

2.4 Results access requests

10min
pages 56-59

2.2 Diagnostic Data

7min
pages 47-51

Related services that may send Customer Data to Google, such as the Feedback form and the Enhanced Spellchecker in the Chrome browser.

4min
pages 13-15

2.1 Definitions of different types of personal data

7min
pages 44-46

Part A. Description of the data processing

0
page 25

The enrolment framework for G Suite Enterprise

2min
pages 42-43

G Suite Core Services, Google Account, Support Services, Additional Services, and Other related services

23min
pages 28-41

Functional Data

2min
page 27

Introduction

7min
pages 16-18

1 Legal framework and contractual arrangements between government organisations and

4min
pages 23-24
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.