Data Privacy in FAP

CONTACTS

Questions about Data Privacy, contact

GENERIC PRIVACY NOTICES

Roles covered by the generic Privacy Notices:

  • DAO, DPO, DTO, GAO, SL and GL: PN01519.
  • Departmental Space Manager (DSM): PN01489.

Actions covered by the generic Privacy Notices:

  • Surveys: PN01522.
  • Organising free events (onsite, online and/or hybrid): PN01681.
  • Organising paid events (onsite, online and/or hybrid): PN01661.

Additional information about the management of generic Privacy Notices: KB0010460 (English version) and KB0010461 (French version).

SUB-GROUPS ABOUT DATA PRIVACY

Contractors but can also be used as an introduction to Data Privacy.

Cf. the videos “Privacy in a nutshell”:

Posters published on CDS and displayed next to the printers: Data Privacy – Secure printing, Data Privacy – Use a shredder and Data Privacy – Use a screen saver.


The main objective of this sub-group is to provide the main CERN IT stakeholders (IT, FAP-BC and SCE) with practical requirements for functionalities supporting OC11 compliance of the services concerned. A survey was launched at the end of 2023. The replies to the survey were analysed over the summer by the members of the sub-group. The final report has been presented to the IT tool owners concerned, and management has been contacted for higher-level decision-making based on the results. The report is now published on CDS and available for information only.


The sub-group worked on a training structured in 2 modules, with Module 1 targeting anyone at CERN who processes personal data (mainly acting as data controllers) and Module 2 targeting colleagues who develop software tools/IT processes (mainly acting as data processors). Trainings are available via the CERN Learning Hub:


The procedure “Data retention guidelines” is available in the Admin e-guide with an Excel list with recommended retention periods.


You will find a list of IT tools to be used for the creation of surveys.

“Guide to creating a survey” on the website of the ODP.

You can use the generic Survey privacy notice for your survey carried out with Microsoft Forms or with other standard tools provided by CERN, provided that the target audience of your survey is CERN internal.
Included are the identification of the target audience using standard filter criteria, the contact via e-mail and the collection of the replies to the survey, including the login to the tool.

If the generic privacy notice is not suitable and you don’t have a RoPO, you must create a new one covering the invitation, if applicable, and the replies collected through the survey.

PUBLICATION OF NEW GUIDELINES / PROCEDURES / PRIVACY NOTICES

On the Data Privacy’s website

On the Admin e-guide

Data breach response procedure

“Data Privacy Impact Assessment”.

“Privacy Notice”:

A privacy notice (published RoPO) is a document that provides information on the processing activities carried out by a Controlling Service. It describes how the Controlling Service collects, uses, retains and discloses the personal information) are available via ServiceNow under Service Elements’ names.

“Processing and Controlling services”:

In practice, the Controlling Service decides what data is to be collected, what will be done with it and why (purpose, legal basis, retention period, transfer etc.). The Processing Service executes the processing operation requested by the Controlling Service and does not take initiative regarding establishing or changing the purposes or means of the processing operation.

USEFUL INFORMATION

Anonymisation and pseudonymisation

  • The ODP published the following information on the privacy website together with relevant definitions and FAQ.

CERNBox

  • It is recommended to use CERNBox to share personal data. For more information about CERNBox: documentation.

Controlling and Processing Services

  • Controlling and Processing Services via the ODP website.
  • Processing and Controlling Services via the Admin e-guide.

Data Privacy Impact Assessment (DPIA)

  • Data Privacy Impact Assessment via the ODP website.
  • Data Privacy Impact Assessment via the Admin e-guide.

Data Sharing and Transfers

  • Data Sharing and Transfers via the ODP website.
  • Do not share CVs and other documents containing personal data by email. Use CERNBox and don’t forget to delete the documents / emails once the process has ended.

Frequently Asked Questions

  • FAQ about OC11 on the ODP website.

Leaflet for Data Privacy

  • French version / English version

Management of attachments

  • When an action is completed (Request or Incident in ServiceNow, processing of documents containing personal data…), it is recommended to remove attachments containing personal data.
  • FAQ on e-mails via the ODP website.

Privacy Notices

  • CERN Bulletin article about Privacy Notices: Feeling lost in the maze of privacy notices? Let’s decode them together!

Terminology

  • Terminology page on the ODP website.

WHERE TO FIND

Website of CERN’s Office of Data Privacy

Admin e-guide and Internal administration

Minutes of the Data Privacy Coordination Committee

Minutes (available only to staff and fellows).