...
UDB is governed by EDPR and security standards defined by EC. All connections to UDB shall be made only via eDelivery, a secure exchange infrastructure. Please, refer to the following public link on how to use eDelivery:
Data Protection
Data Privacy
Privacy registry can be found here
https://ec.europa.eu/digitaldpo-building-blocksregister/sites/display/DIGITAL/eDeliverydetail/DPR-EC-20608.1
Data Security and access.
The IT security standards of the European Commission are public and can be found here.
Data Protection
Data Privacy
UDB implementation is governed by by the commissions services ranging from application to infrastructure. For any incident reporting please send to EC-UDB-SUPPORT@ec.europa.eu
eDelivery
eDelivery is a secure exchange data transfer between UDB & external IT Systems. Please, refer to the following public link on how to use eDelivery:Privacy registry can be found here
https://ec.europa.eu/dpo-register/detail/DPR-EC-20608.1digital-building-blocks/sites/display/DIGITAL/eDelivery
Who can see Economic Operators related data:
...
Requirement | Implementation (M=mandatory, R=recommended) |
Access to system functionalities and data shall be restricted to authorised authorized users on the basis of the ‘need to know’ principle. | M |
Authorisation mechanisms6 Authorization mechanisms in the system shall ensure that access is:
| M |
The system owner shall determine access rights associated with differentiated levels of authorisation authorization to access the system data and functionalities. | M |
The access rights shall be determined on the basis of a risk assessment that considers at least: · information Information sensitivity and level of classification – the need to limit access to system data, in line with data classification, general data sensitivity and applicable regulation; and | M |
Determined access rights shall be reviewed periodically to check that they continue to ensure the protection of sensitive non-classified information, the enforcement of process controls and the segregation of incompatible duties. | M |
Access decisions (both positive and negative) following a user access request during a login process shall be logged in order to provide an audit trail. | M |
...