Data Privacy in FAP

New publication

   Updated on 13.11.2024.

Questions about Data Privacy   Questions about Data Privacy, contact me or the Office of Data Privacy.

 

GENERIC PRIVACY NOTICES

Roles covered by the generic Privacy Notices:

  • DAO, DPO, DTO, GAO, SL and GL: PN01519.
  • Departmental Space Manager (DSM): PN01489.

Action covered by the generic Privacy Notices:

 

 

SUB-GROUPS ABOUT DATA PRIVACY

Sub-group “Communication”: 

 

Sub-group “OC11 impact on the IT applications used at CERN”: 

The main objective of this sub-group is to provide the CERN main IT stakeholders (IT, FAP-BC and SCE) with practical requirements for functionalities supporting OC11 compliance of the concerned services. A survey have been launched in the end of 2023. The replies to the survey were analysed over the summer by the members of the sub-group. The edition of the final report is currently in work and they expect a first draft by the next DPCC meeting.

 

Sub-group “Privacy by design”: 

The sub-group worked on a training structured in 2 modules, with Module 1 targeting anyone at CERN who processes personal data (mainly acting as data controllers) and Module 2 targeting colleagues who develop software tools/IT processes (mainly acting as data processors). Trainings are available via the CERN Learning Hub:

 

Sub-group “Retention periods”: 

The procedure “Data retention guidelines” is available in the Admin e-guide with an Excel list with recommended retention periods.

 

Sub-group “Surveys”: 

You can use the generic Survey privacy notice for your survey carried out with Microsoft Forms or with other standard tools provided by CERN, provided that the target audience of your survey is CERN internal.
Included are the identification of the target audience using standard filter criteria, the contact via e-mail and the collection of the replies to the survey incl. the login to the tool.

In case the generic privacy notice is not suitable and you don’t have RoPO, you must create a new one covering the invitation, if applicable, and the replies collected through the survey.

 

PUBLICATION OF NEW GUIDELINES / PROCEDURES / PRIVACY NOTICES
Handling of requests of Data Subjects to exercise their rights - Guidelines for Controlling Services”. on the Admin e-guide
Data Privacy Impact Assessment”. on the Admin e-guide
Privacy Notice”:
A privacy notice (published RoPO) is a document that provides information on the processing activities carried out by a Controlling Service. It describes how the Controlling Service collects, uses, retains and discloses the personal information) are available via ServiceNow under Service Elements’ names.

 

PNs vs SNow
on the Admin e-guide
Processing and Controlling services”: 

In practice, the Controlling Service decides what data is to be collected, what will be done with it and why (purpose, legal basis, retention period, transfer etc.). The Processing Service executes the processing operation requested by the Controlling Service and does not take initiative regarding establishing or changing the purposes or means of the processing operation.

on the Admin e-guide

 

USEFUL INFORMATION
Anonymisation and pseudonymisation

 

The ODP published the following information on the privacy web site together with relevant definitions and FAQ. 

 

CERNBox

 

It is recommended to use CERNBox to share personal data. For more information about CERNBox: documentation.

 

Controlling and Processing Services

 

Controlling and Processing Services via the ODP website.

Processing and Controlling Services via the Admin e-guide.

 

Data Sharing and Transfers

 

Data Sharing and Transfers via the ODP website.

Do not share CVs and other documents containing personal data by emails. Use CERNBox and don't forget to delete the documents / emails once the process is ended.

 

Frequently Asked Questions

 

FAQ about OC11 on the ODP website.

 

Management of attachments

 

When an action is completed (Request or Incident in Service Now, processing of documents containing personal data…), it is recommended to remove attachments containing personal data.

FAQ on e-mails via the ODP website.

 

Terminology

 

Terminology page on the ODP website.

 

WHERE TO FIND

Website of CERN's Office of Data Privacy

https://privacy.web.cern.ch/

Admin e-guide and Internal administration Processing of Personal Data
Operational Circular No 11

The Processing of Personal Data at CERN” - Annexes and 

Traitement des données à caractère personnel au CERN” - Annexes.

Minutes of the Data Privacy Coordination Committee Minutes (available only to staff and fellows).
Data privacy Basics – elearning – 20 mn with a quiz (mandatory) https://lms.cern.ch/ekp/servlet/ekp?PX=N&TEACHREVIEW=N&PTX=&CID=EKP000043773&TX=FORMAT1&LANGUAGE_TAG=en&DECORATEPAGE=N
Respecting Privacy in the processing of personal data at CERN https://lms.cern.ch/ekp/servlet/ekp?PX=N&TEACHREVIEW=N&PTX=&CID=EKP000043046&TX=FORMAT1&LANGUAGE_TAG=en&DECORATEPAGE=N
KBs about Data Privacy Protection https://cern.service-now.com/service-portal?id=kb_category&kb_category=93ccabb71b087050f9c6dd318b4bcb22

 

OTHER DOCUMENTATION

 

Please sign-in to access all information available.

array('title' => t('Sign in to your CERN account'), 'class' => 'cern-account'))); ?>
Updated on: 13/11/2024