Data Privacy in FAP

CONTACTS

Questions about Data Privacy, contact

GENERIC PRIVACY NOTICES

Additional information about the management of generic Privacy Notices: KB0010460 (English version) and KB0010461 (French version).

SUB-GROUPS ABOUT DATA PRIVACY

Sub-group “Communication”:

Contractors but can be also used as an introduction for Data Privacy.

Cf the videos “Privacy in a nutshell”:

• 1st video: “What is privacy about?”;
• 2nd video: “Controlling and Processing Services”;
• 3rd video: “Data subjects“.

Posters published on CDS and displayed next to the printers: Data Privacy – Secure printing, Data Privacy – Use a shredder and Data Privacy – Use a screen saver.

Sub-group “OC11 impact on the IT applications used at CERN”: 

The main objective of this sub-group is to provide the CERN main IT stakeholders (IT, FAP-BC and SCE) with practical requirements for functionalities supporting OC11 compliance of the concerned services. A survey have been launched in the end of 2023. The replies to the survey were analysed over the summer by the members of the sub-group. The edition of the final report is currently in work and they expect a first draft by the next DPCC meeting.

Sub-group “Privacy by design”: 

The sub-group worked on a training structured in 2 modules, with Module 1 targeting anyone at CERN who processes personal data (mainly acting as data controllers) and Module 2 targeting colleagues who develop software tools/IT processes (mainly acting as data processors). Trainings are available via the CERN Learning Hub:

• Data Privacy by Design and by Default – Module 1;
• Data Privacy by Design and by Default – Module 2.

Sub-group “Retention periods”:

The procedure “Data retention guidelines” is available in the Admin e-guide with an Excel list with recommended retention periods.

Sub-group “Surveys”: 

You will find a list of IT tools to be used for the creation of surveys.

“Guide to creating a survey” on the website of the ODP.

You can use the generic Survey privacy notice for your survey carried out with Microsoft Forms or with other standard tools provided by CERN, provided that the target audience of your survey is CERN internal.
Included are the identification of the target audience using standard filter criteria, the contact via e-mail and the collection of the replies to the survey incl. the login to the tool.

In case the generic privacy notice is not suitable and you don’t have RoPO, you must create a new one covering the invitation, if applicable, and the replies collected through the survey.

PUBLICATION OF NEW GUIDELINES / PROCEDURES / PRIVACY NOTICES

USEFUL INFORMATION

Anonymisation and pseudonymisation

The ODP published the following information on the privacy web site together with relevant definitions and FAQ.

CERNBox

It is recommended to use CERNBox to share personal data. For more information about CERNBox: documentation.

Controlling and Processing Services

Controlling and Processing Services via the ODP website. Processing and Controlling Services via the Admin e-guide.

Data Sharing and Transfers

Data Sharing and Transfers via the ODP website. Do not share CVs and other documents containing personal data by emails. Use CERNBox and don’t forget to delete the documents / emails once the process is ended.

Frequently Asked Questions

FAQ about OC11 on the ODP website.

Management of attachments

When an action is completed (Request or Incident in Service Now, processing of documents containing personal data…), it is recommended to remove attachments containing personal data. FAQ on e-mails via the ODP website.

Privacy Notices

CERN Bulletin article about Privacy Notices: Feeling lost in the maze of privacy notices? Let’s decode them together!

Terminology

Terminology page on the ODP website.

WHERE TO FIND

OTHER DOCUMENTATION

Guide to the UK General Data Protection Regulation (UK GDPR).

CNIL.

Learn more about Data Privacy via the ODP website.