ECCC Calls for Expression of Interest
The data controller of the processing operation is the European Cybersecurity Competence Center (“ECCC”).
Note: During the transition period, the European Commission – DG CONNECT (“EC”) is responsible for the establishment and initial operations of the ECCC, i.e. until the ECCC has the operational capacity to implement its own budget[1].
ECCC processes personal data in accordance with Regulation (EU) 2018/1725 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data[2]. The legal basis for the processing operation is Article 5(1)(a) of Regulation (EU) 2018/1725, on the basis of Regulation (EU) 2021/887, namely Article 5(1)(b), establishing the tasks of the Competence Centre.
The data processors of the processing operation are:
- The European Commission EU Survey tool[3], used to collect the expressions of interest;
The purpose of this processing operation is to
- facilitate submissions for Calls for Expression of Interest (CfEI) from applicable entities in EU Member States and other eligible countries, willing to deploy and manage cross-border Security Operation Centres (SOCs) platforms / cross-border Cyber Hubs as well as national SOCs platforms/national Cyber Hubs,
- perform relevant assessments/selection of the submitted CfEIs,
- communicate the outcome of the selection process and
- initiate (preparation of the agreements) with ECCC.
As part of the CfEI for national SOCs platforms, the ECCC will select various entities in each Member State designated as national Cyber Hubs or SOCs. In the CfEI for cross-border SOCs, the ECCC will select a number of consortia led by competent authorities from at least 3 Member States / national Cyber Hubs or SOCs that would come together to create cross-border SOC platforms.
The following personal data are collected:
- Contact data of person responsible for the expression of interest and legal representative(s), namely: first name, last name, function, organisation, telephone number, country and e-mail address.
- Required documents and supporting material related to the submission that might include contact data of the aforementioned data subjects.
The recipients of your data are: designated ECCC and European Commission staff involved in the data processing operation, including the assessments/selection of the submitted CfEIs. The data may also be available to EU bodies charged with monitoring or inspection tasks in application of EU law (e.g. internal audits, European Anti-fraud Office – OLAF).
Retention periods:
The submitted CfEIs will be deleted from EU Survey after one month following the CfEI submission closure date.
The submitted CfEIs (including the unsuccessful ones) and evaluation data will be kept by the ECCC for the duration of the CfEI and the respective Digital Europe Programme in line with the Preamble of Regulation 2021/694[4]. Subsequently to the completion to the Programme, the data will be kept for a duration of ten (10) years. Further to this period, the data will be permanently deleted.
Storage and transfers of personal data:
Received submissions and outcomes of the selection process will be registered at the record management system of the ECCC (ARES – Advanced Records System) and will also be processed by ECCC internal IT system.
Transfers of personal data outside the EU/EEA is not foreseen.
Personal data is not subject to automated decision-making.
You have the right of access to your personal data and to relevant information concerning how we use it. You have the right to rectify your personal data. Under certain conditions, you have the right to ask that we delete your personal data or restrict its use. You have the right to object to our processing of your personal data, on grounds relating to your particular situation, at any time. We will consider your request, take a decision and communicate it to you. If you have any queries concerning the processing of your personal data, you may address them to ECCC at CNECT-ECCC-ADMINec [dot] europa [dot] eu (CNECT-ECCC-ADMIN[at]ec[dot]europa[dot]eu)
You have the right of recourse at any time to the ECCC DPO at eccc-dpoenisa [dot] europa [dot] eu (eccc-dpo[at]enisa[dot]europa[dot]eu) and to the European Data Protection Supervisor at https://edps.europa.eu
[1] Regulation (EU) 2021/887 of the European Parliament and of the Council of 20 May 2021 establishing the European Cybersecurity Industrial, Technology and Research Competence Centre and the Network of National Coordination Centres, Article 46(1). http://data.europa.eu/eli/reg/2021/887/oj
[2] Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002. http://data.europa.eu/eli/reg/2018/1725/oj
[3] https://ec.europa.eu/eusurvey/home/welcome
[4] Regulation (EU) 2021/694 of the European Parliament and of the Council of 29 April 2021 establishing the Digital Europe Programme and repealing Decision (EU) 2015/2240