Interoperable Europe logo

BRAIF - Framework for Base Registries Access and Interconnection

BRAIF v2.00

ABR Project Team
Published on: 10/06/2020 Last update: 02/09/2020 Document Archived

ABR Team is pleased to share the Framework for Base Registries Access and Interconnection (BRAIF) with public.

The document proposes a conceptual model for the framework and addresses important topics related to access to base registries and their interconnection, for instance:

  • It sets data governance
  • It explains master data management and metadata management
  • It proposes data architecture, e.g. data flow design
  • It proposes resolution for data quality and data security aspects
  • It also touches technology architecture.

On the long term, this Framework aims to serve as a guidance to Member States on how to grant access to data in base registries and how to interconnect the base registries.

This version of the document will be discussed with public to confirm that it serves the needs of Member States (MS) and address their challenges (e.g. on how to establish a governance model, ensure data quality in base registries, etc.).

Follow the news next week starting the 15th of June;

- Discussion on Joinup on ABR Collection;

- Post on LinkedIn in Joinup Group;

- Public webinar on the 29th of June.

Do you have any comments on Framework? Please share them in the comments section below or send us via email.

Do you have any questions to ABR Team? Contact us via ABR@trasysinternational.com

Categorisation

Type of document
Document

Attachment

SC380_D04.01_Framework for Base Registry Access and Interconnection_v2.00.docx
SC380_D04.01_Framework for Base Registry Access and Interconnection_v2.00.pdf
Report abusive content Share

Shared on

Last update: 28/03/2024

Joinup

eGovernmentLicensingContent and knowledge management
15183
Collection
Last update: 05/07/2024

SEMIC Support Centre

SemanticsStandardisation
420
Collection

Comments

Sebastian SKLARSS Mon, 29/06/2020 - 11:35

Thank you again for this very good paper that definitly benefits from existing work

-> However, I think it needs a bit a "reality EU update and practice check“ beside the general recommendations given.

In this sense I have 4 comments to make:

1.

Comment on "up-to-date" on Page 8  1 Overview it is stated

Here, the term ‘’authoritative’’ implies that information is correct, up-to-date and of the highest possible quality and integrity.

My suggestion is: - in general-  not to stress the link between „up-to-date“ and authoritative base register too much as to my experience it is not always the base register that has the most- up to date information. Other registers might have a more up-to-date information. (e.g German Personalausweisregister or Melderegister has sometimes a latency of several month -> address information has to be changed on the electronic ID , citizen has to be present in the office -> meanwhile he provided a more up-to-date adress in several registers) 

 

2. 

on page 14 - 1.3 VISION AND STRATEGY

typical challenges are mentioned:

My suggestion is: to mention the problem of "project vs. operation" e.g. in 1.3 vision and strategy and perhaps also to mention the persistant URI page of the EU Publications Office regarding the „Interconnecting“ aspect of BRAIF https://data.europa.eu/URI.html  (just a side note to underline this aspect - the first URI is not persistant any longer"

 

3.

In chapter 2.3.3.4 legitimate access needs


Data policy on authorisation and accessibility is based on the national legal frameworks, and it defines legitimate users that can be authorised to access the data in base registries, define types of access rights, etc.;

My suggestion is: to add the word „Consent“ or even „consent management“ as Art. 6 GDPR Lawfulness of processing -> defines the term „consent“ for what you refer to as 

allow individuals to check who used their data, when, and for which purpose

 

4. 

in chapter 2.3.3 "data security" is used a bit to describe data safety issues.  

In order to protect the information assets of the organisation, data security management has to be aligned with..

 

My suggestion is: to clearly separate data security from data safety e.g. by introducing the term "data safety".

ABR Project Team Thu, 06/08/2020 - 13:36

Dear Sebastian,

Thank you for your feedback on the paper!

We have analysed your comments, and we implemented them within the scope of the Action, i.e. this Framework is a high-level paper that will be followed by practical guidelines and examples from various Member States (MS) and EU institutions in the separate Guidelines document, planned to be published by the end of the year.

Thus, here is the reply for your comments:

1. Although there is a challenge in different MS with the data duplication or data quality in various base registries, the aim is to achieve the level of the authoritative base registry to become the correct and up-to-date one. Thus, the Framework should state this;

2. The Framework does not tackle the difference between a project and operations, as it is not its scope, but there will be a section in the Guidelines document with practical examples from EU Institutions and MS, and ABR recommendations on how to differentiate e.g. an EU project with recommendations to follow a PM2 Methodology of the European Commission, etc.;

3. 'To define consent management' with reference to the article on GDPR is added to section 2.1.1.2 Data policies, standards and requirements;

4. A short explanation was added that data security concerns the data protection from the unauthorised use into chapter 2.3.3 Data security. In the 2.3.3.4 Legitimate access needs, it is added under the last bullet that isolating or segregating unencrypted data in online or offline backups for replication and storage concerns data safety (data protection against the loss).

Kind regards,

ABR Team

Login or create an account to comment.