Governing Board (GB) meetings, GB members communication and exchange of documents

ECCC, ECCC GB secretariat CNECT-ECCC-GBec [dot] europa [dot] eu (CNECT-ECCC-GB[at]ec[dot]europa[dot]eu)

[1] Regulation (EU) 2021/887 of the European Parliament and of the Council of 20 May 2021 establishing the European Cybersecurity Industrial, Technology and Research Competence Centre and the Network of National Coordination Centres, Article 46(1).

• EC DG DIGIT offering the CIRCABC collaboration platform which is used for storing and exchange of documents between GB members and observers[1]
• EC DG DIGIT offering MS Teams  teleconference platform for remote participation to GB meetings[2]
• EC PMO offering the Advanced Gateway to your Meetings platform which is used by GB members to claim expenses related to GB meetings participation[3]
• EC DG DIGIT offering the ECCC GB mailing list[4]

[1] DPR-EC-01666.1 Record: https://ec.europa.eu/dpo-register/detail/DPR-EC-01666

[2] DPR-EC-04966.4 Record: https://ec.europa.eu/dpo-register/detail/DPR-EC-04966

[3] DPR-EC-01141.2 Record: https://ec.europa.eu/dpo-register/detail/DPR-EC-01141.3

[4] DPR-EC-03610.1 Record: https://ec.europa.eu/dpo-register/detail/DPR-EC-03610.1

The purpose of the processing is to support the overall functioning of the ECCC Governing Board (GB), including physical or hybrid meetings, communication between GB members and exchange of documents.

It covers:

• registering appointed Governing Board members, alternates, observers and relevant documents, including appointment letters, signed COI forms, etc)
• participation of members and observers to GB meetings
• documents, decisions, agenda(s), meeting minutes and participants list of each meeting
• provision of logistics for organization of GB meetings such as agenda,
• communication between ECCC GB secretariat and ECCC GB members
• follow up of the meetings

Representatives to the ECCC Governing Board (GB) and their alternates by all EU member states, the European Commission and GB observers; other persons invited by GB request.

The legal basis is Regulation (EU) 1725/2018 Article 5 (1)(a) and Regulation (EU) 2021/887 Article 12 establishing the ECCC Governing Board

1. General information

• contact data (Name, country, institution, telephone number, email address);
• travel and hotel booking data and invoices (for invited participants whose travel and accommodation are reimbursed by the ECCC including : name, destination, choice of schedule, choice and location of accommodation, etc.;
• ID/passport number, nationality and/or date of birth, in case this is required for security reasons by the meeting venue;
• user name, IP address, voice and image in case of remote participation to a GB meeting;
• Connection data, such as user name, IP address, last login, when accessing ECCC GB CIRCABC platform;

2. Financial Information

• financial data (when the meeting and/or event is subject to fees or in case of reimbursement of invited participants);

3. Special categories of personal data

• data on dietary purposes (if applicable).
• data related to access requirements (if applicable)

• The duration of the appointment to the ECCC GB and for up to five (5) years after the end of the mandate.
• For financial transactions, in order to provide an audit trail and allow queries on past payments at all times, relevant data are kept up to seven (7) years in accordance with ECCC's Financial Regulation.
• CIRCABC retention periods for account data
• MS Teams  teleconference platform user generated and service generated data
• data on dietary, ID/passport number, nationality and date of birth are deleted no later than 5 working days after the end of the GB meeting;
• Personal data processed via the video-conferencing tool?
• Personal data related to exchanges through the ECCC GB mailing list

• ECCC staff responsible for managing GB meetings and relevant financial transactions;
• Hosting GB organization staff responsible for organizing a GB meeting (venue, security control to enter the premises, social event arrangements) should this is required.
• All GB members can view lists and contact information of the other GB members through the ECCC GB CIRCABC platform.
• The names and affiliation of GB members and their declarations of conflict of interest are published on ECCC website for transparency.

• Transfers to third countries are foreseen only with regard to the use of MS Teams teleconferencing platform as per DPR-EC-04966.4 Record.