FantasticSearch

1. Member States shall ensure that their Single Point of Contact deploys and operates a single electronic case management system as the repository that allows the Single Point of Contact to carry out its tasks under this Directive. The case management system shall have at least all of the following functions and capabilities:

(a) recording incoming and outgoing requests for information as referred to in Articles 5 and 8 and any other communications relating to such requests with Single Points of Contact and, where applicable, the competent law enforcement authorities of other Member States, including information about refusals of requests for information and requests for and the provision of clarification or specifications as referred to in Article 6(2) and (3) respectively;

(b) recording communications between the Single Point of Contact and the competent law enforcement authorities, pursuant to Article 14(2), point (b);

(c) recording provisions of information to the Single Point of Contact and, where applicable, to the competent law enforcement authorities of other Member States in accordance with Articles 5, 7 and 8;

(d) cross-checking incoming requests for information as referred to in Articles 5 and 8 against information available to the Single Point of Contact, including information provided in accordance with Article 5(3), second subparagraph, and Article 7(3), second subparagraph, and other relevant information recorded in the case management system;

(e) ensuring adequate and rapid follow-up to incoming requests for information as referred to in Article 4, in particular with a view to respecting the time limits for the provision of the requested information set out in Article 5;

(f) be interoperable with SIENA, ensuring, in particular, that incoming communications through SIENA can be directly recorded in, and that outgoing communications through SIENA can be directly sent from, the case management system;

(g) generating statistics in respect of exchanges of information under this Directive for evaluation and monitoring purposes, in particular for the purposes of Article 18;

(h) logging access and other processing operations in relation to the information contained in the case management system, for accountability and cybersecurity purposes, in accordance with Article 25 of Directive (EU) 2016/680.

2. Member States shall ensure that all cybersecurity risks relating to the case management system, in particular as regards its architecture, governance and control, are managed and addressed in a prudent and effective manner and that adequate safeguards against unauthorised access and abuse are provided for.

3. Member States shall ensure that the case management system contains personal data only for as long as it is necessary and proportionate for the Single Point of Contact to carry out the tasks assigned to it under this Directive and that the personal data contained therein are subsequently irrevocably deleted.

4. Member States shall ensure that their Single Point of Contact reviews, for the first time at the latest six months after an exchange of information has concluded and subsequently on a regular basis, compliance with paragraph 3.