Data Privacy in FAP
CONTACTS
| Questions about Data Privacy, contact |
GENERIC PRIVACY NOTICES
SUB-GROUPS ABOUT DATA PRIVACY
Sub-group “Communication”:
Contractors but can be also used as an introduction for Data Privacy.
Cf the videos “Privacy in a nutshell”:
- 1st video: “What is privacy about?”;
- 2nd video: “Controlling and Processing Services”;
- 3rd video: “Data subjects“.
Posters published on CDS and displayed next to the printers: Data Privacy – Secure printing, Data Privacy – Use a shredder and Data Privacy – Use a screen saver.
Sub-group “OC11 impact on the IT applications used at CERN”:
The main objective of this sub-group is to provide the CERN main IT stakeholders (IT, FAP-BC and SCE) with practical requirements for functionalities supporting OC11 compliance of the concerned services. A survey have been launched in the end of 2023. The replies to the survey were analysed over the summer by the members of the sub-group. The edition of the final report is currently in work and they expect a first draft by the next DPCC meeting.
Sub-group “Privacy by design”:
The sub-group worked on a training structured in 2 modules, with Module 1 targeting anyone at CERN who processes personal data (mainly acting as data controllers) and Module 2 targeting colleagues who develop software tools/IT processes (mainly acting as data processors). Trainings are available via the CERN Learning Hub:
Sub-group “Retention periods”:
The procedure “Data retention guidelines” is available in the Admin e-guide with an Excel list with recommended retention periods.
Sub-group “Surveys”:
You will find a list of IT tools to be used for the creation of surveys.
“Guide to creating a survey” on the website of the ODP.
You can use the generic Survey privacy notice for your survey carried out with Microsoft Forms or with other standard tools provided by CERN, provided that the target audience of your survey is CERN internal.
Included are the identification of the target audience using standard filter criteria, the contact via e-mail and the collection of the replies to the survey incl. the login to the tool.
In case the generic privacy notice is not suitable and you don’t have RoPO, you must create a new one covering the invitation, if applicable, and the replies collected through the survey.
PUBLICATION OF NEW GUIDELINES / PROCEDURES / PRIVACY NOTICES
CERN Official news
On the Data Privacy’s website
On the Admin e-guide
“Data breach response procedure“
“Data Privacy Impact Assessment”.
A privacy notice (published RoPO) is a document that provides information on the processing activities carried out by a Controlling Service. It describes how the Controlling Service collects, uses, retains and discloses the personal information) are available via ServiceNow under Service Elements’ names.

“Processing and Controlling services”:
In practice, the Controlling Service decides what data is to be collected, what will be done with it and why (purpose, legal basis, retention period, transfer etc.). The Processing Service executes the processing operation requested by the Controlling Service and does not take initiative regarding establishing or changing the purposes or means of the processing operation.
USEFUL INFORMATION
| Anonymisation and pseudonymisation |
| The ODP published the following information on the privacy web site together with relevant definitions and FAQ. |
| CERNBox |
| It is recommended to use CERNBox to share personal data. For more information about CERNBox: documentation. |
| Controlling and Processing Services |
| Controlling and Processing Services via the ODP website. Processing and Controlling Services via the Admin e-guide. |
| Data Sharing and Transfers |
| Data Sharing and Transfers via the ODP website. Do not share CVs and other documents containing personal data by emails. Use CERNBox and don’t forget to delete the documents / emails once the process is ended. |
| Frequently Asked Questions |
| FAQ about OC11 on the ODP website. |
| Management of attachments |
| When an action is completed (Request or Incident in Service Now, processing of documents containing personal data…), it is recommended to remove attachments containing personal data. FAQ on e-mails via the ODP website. |
| Privacy Notices |
| CERN Bulletin article about Privacy Notices: Feeling lost in the maze of privacy notices? Let’s decode them together! |
| Terminology |
| Terminology page on the ODP website. |
WHERE TO FIND
Website of CERN’s Office of Data Privacy
Admin e-guide and Internal administration
Operational Circular No 11
Minutes of the Data Privacy Coordination Committee
Minutes (available only to staff and fellows).
Data privacy Basics – elearning – 20 mn with a quiz (mandatory)
Respecting Privacy in the processing of personal data at CERN
KBs about Data Privacy Protection