European Commission Directorate - General for Informatics Directorate D – Digital Services DIGIT D2 - Interoperability D05.01 Updated Guidelines ISA2 Action 2016.28: Access to Base Registries Specific Contract n° 380 under Framework Contract n° DI/07624 - ABCIV Lot 3 Date: 17/12/2020 Doc. Version: 1.00 DOCUMENT CONTROL INFORMATION Settings Value Document Title: D05.01.Updated Guidelines Specific Contract n° 380 under Framework Contract n° DI/07624 - ABCIV Lot 3: Project Title: ISA² - Action 2016.28: Access to Base Registries Ksenia Bocharova Patrice-Emmanuel Schmitz Document Author(s): Anastasios Kyrezopoulos Anastasia Sofou Project Owner (European Natalia Aristimuno Perez Commission): Project Manager Peter Burian (European Commission): Contractor’s Project Ksenia Bocharova Manager (CPM): Doc. Version: 1.00 Sensitivity: Public Date: 17/12/2020 Revision History Date Version Description Author(s) Reviewed by Restructure the document according 11/08/2020 0.01 Ksenia Bocharova - to Framework v2.00 Review outdated content in the 18/08/2020 0.02 Ksenia Bocharova - document Re-write according to decision 42 21/08/2020 0.03 Ksenia Bocharova Petro Dudi (PPR M2) 04/09/2020 0.04 Technical Writer review Petro Dudi Ksenia Bocharova Page 2 of 82 Review of content to re-work the 14/09/20 0.05 document according to PM Ksenia Bocharova Ludovic Mayot requirements Patrice-Emmanuel 14/09/20 0.06 Elaboration of Legal Section. Ksenia Bocharova Schmitz 15/09/20 0.07 Submission to PM for review. Ksenia Bocharova Peter Burian Review of PM’ feedback. Assign 06/10/20 0.08 resources to address technical Ksenia Bocharova - comments. Anastasios Elaboration of new API sub-section Kyrezopoulos 27/10/20 0.09 Peter Burian and re-work of Semantic section. Anastasia Sofou Anastasios Implementation of PM’ comments on Kyrezopoulos 16/11/20 0.10 API’s sub-section and Semantic Ksenia Bocharova section. Anastasia Sofou Update of document to include content 20/11/20 0.11 from interviews with MS, public Ksenia Bocharova - webinars, update conclusions. 20/11/20 0.12 Submission to PM for final review. Ksenia Bocharova Peter Burian Implementation of comments from PM Anastasios 14/12/20 0.13 Petro Dudi on Architecture section Kyrezopoulos 16/12/20 0.14 Quality review Petro Dudi Ludovic Mayot 17/12/20 1.00 Submit to PM for approval Ksenia Bocharova Peter Burian Page 3 of 82 Disclaimer This deliverable was prepared for the European Commission by Trasys International under SC380 and it is the ownership of the European Commission. The views expressed in this document are purely those of the authors and may not, in any circumstances, be interpreted as stating an official position of the European Commission. The European Commission does not guarantee the accuracy of the information included in this document, nor does it accept any responsibility for any use thereof. Reference herein to any specific products, specifications, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favouring by the European Commission. All care has been taken by the authors to ensure that they have obtained, where necessary, permission to use any parts of manuscripts including illustrations, maps, and graphs, on which intellectual property rights already exist from the titular holder(s) of such rights or from her/his or their legal representative. © European Union, 2020 Page 4 of 82 TABLE OF CONTENTS INTRODUCTION ...................................................................................................................................................... 7 OVERVIEW .............................................................................................................................................................. 8 DATA TERMINOLOGY & DEFINITIONS .......................................................................................................................... 9 SCOPE AND TARGET AUDIENCE ................................................................................................................................ 10 1. LEGAL ASPECTS OF ACCESS TO BASE REGISTRIES ............................................................................. 12 APPLICABLE LAW AND GUIDELINES ........................................................................................................................... 12 EU and national law applicable to Base Registries .............................................................................................. 12 Impact of data protection regulation ..................................................................................................................... 13 Data transfers to third countries ........................................................................................................................... 15 Other relevant EU legal principles ....................................................................................................................... 16 ABR PRACTICES ................................................................................................................................................... 16 The experience of Trans-European Systems (TES) ............................................................................................ 16 National Interoperability Strategies (NIS) ............................................................................................................. 18 Cross-border Interoperability Strategy (the X-Road case) ................................................................................... 19 POINTS TO CONSIDER IN ABR LEGISLATION .............................................................................................................. 21 2. COMMON GOVERNANCE AND STRATEGY ............................................................................................... 25 DATA GOVERNANCE .............................................................................................................................................. 25 Structure: Define and establish a common data governance model .................................................................... 26 Roles: Clearly define responsibilities and liabilities .............................................................................................. 30 DATA POLICIES...................................................................................................................................................... 32 Data Policy on Authorisation and Accesibility: Ensure the right users access original and authentic data .......... 32 Data Protection Policy: Ensure that data protection laws are enforced ............................................................... 35 Data Security Policy: Ensure the security of the data access and its communication .......................................... 36 Data Quality Policy: Ensure and control the quality of the data by all means ...................................................... 36 3. STANDARDS AND LEAN PROCESSES ....................................................................................................... 40 ORGANISATIONAL INTEROPERABILITY ....................................................................................................................... 40 Envision the global (holistic) organisational picture ............................................................................................. 41 Establish interoperability agreements to ensure base registries and public services sustainability ..................... 42 CHANGE MANAGEMENT .......................................................................................................................................... 44 Draft a change management plan ........................................................................................................................ 44 Implement and release change requests ............................................................................................................. 45 Other aspects to consider in change management .............................................................................................. 46 BUSINESS CONTINUITY ........................................................................................................................................... 46 Ensure digital preservation and permanent access to data ................................................................................. 47 Agree on flexible data availability levels .............................................................................................................. 47 4. COMMON DATA MODELS AND MASTER DATA ........................................................................................ 49 MASTER DATA MANAGEMENT ................................................................................................................................. 49 Define an MDM style ........................................................................................................................................... 50 Define data types and their management approach ............................................................................................ 53 Identify the instances of your master data uniquely and unambiguously ............................................................. 54 SEMANTIC DATA MODELS AND STANDARDS................................................................................................................ 56 Page