Article 4Operation of SFC2014
1.
The Commission and the competent authorities referred to in Article 25 of Regulation (EU) No 514/2014 shall enter into SFC2014 the information for the transmission of which they are responsible, and any updates thereto.
2.
Any transmission of information to the Commission shall be verified and submitted by a person other than the person who entered the data for that transmission. This separation of tasks shall be supported by SFC2014 or by the Member State's management and control information systems connected automatically with SFC2014.
3.
Member States shall appoint, at national or regional level or at both national and regional levels, one or more persons responsible for managing access rights to SFC2014. Those persons shall fulfil the following tasks:
(a)
identifying users requesting access, making sure those users are employed by the organisation;
(b)
informing users about their obligations to preserve the security of the system;
(c)
verifying the entitlement of users to the required privilege level in relation to their tasks and their hierarchical position;
(d)
requesting the termination of access rights when those access rights are no longer needed or justified;
(e)
promptly reporting suspicious events that may undermine the security of the system;
(f)
ensuring the continued accuracy of user identification data by reporting any changes;
(g)
taking the necessary data protection and commercial confidentiality precautions in accordance with applicable Union and national rules; and
(h)
informing the Commission of any changes affecting the capacity of the Member State authorities or users of SFC2014 to carry out the responsibilities referred to in paragraph 1 or their personal capacity to carry out the responsibilities referred to in points (a) to (g).