Updated on 13.11.2024. |
|
Questions about Data Privacy, contact me or the Office of Data Privacy. |
GENERIC PRIVACY NOTICES |
---|
Roles covered by the generic Privacy Notices: Action covered by the generic Privacy Notices:
|
SUB-GROUPS ABOUT DATA PRIVACY |
---|
Sub-group “Communication”:
|
Sub-group “OC11 impact on the IT applications used at CERN”: The main objective of this sub-group is to provide the CERN main IT stakeholders (IT, FAP-BC and SCE) with practical requirements for functionalities supporting OC11 compliance of the concerned services. A survey have been launched in the end of 2023. The replies to the survey were analysed over the summer by the members of the sub-group. The edition of the final report is currently in work and they expect a first draft by the next DPCC meeting. |
Sub-group “Privacy by design”: The sub-group worked on a training structured in 2 modules, with Module 1 targeting anyone at CERN who processes personal data (mainly acting as data controllers) and Module 2 targeting colleagues who develop software tools/IT processes (mainly acting as data processors). Trainings are available via the CERN Learning Hub: |
Sub-group “Retention periods”: The procedure “Data retention guidelines” is available in the Admin e-guide with an Excel list with recommended retention periods. |
Sub-group “Surveys”:
You can use the generic Survey privacy notice for your survey carried out with Microsoft Forms or with other standard tools provided by CERN, provided that the target audience of your survey is CERN internal. In case the generic privacy notice is not suitable and you don’t have RoPO, you must create a new one covering the invitation, if applicable, and the replies collected through the survey. |
PUBLICATION OF NEW GUIDELINES / PROCEDURES / PRIVACY NOTICES |
---|
“Handling of requests of Data Subjects to exercise their rights - Guidelines for Controlling Services”. | on the Admin e-guide |
“Data Privacy Impact Assessment”. | on the Admin e-guide |
“Privacy Notice”: A privacy notice (published RoPO) is a document that provides information on the processing activities carried out by a Controlling Service. It describes how the Controlling Service collects, uses, retains and discloses the personal information) are available via ServiceNow under Service Elements’ names.
|
on the Admin e-guide |
“Processing and Controlling services”:
In practice, the Controlling Service decides what data is to be collected, what will be done with it and why (purpose, legal basis, retention period, transfer etc.). The Processing Service executes the processing operation requested by the Controlling Service and does not take initiative regarding establishing or changing the purposes or means of the processing operation. |
on the Admin e-guide |
USEFUL INFORMATION |
---|
Anonymisation and pseudonymisation |
The ODP published the following information on the privacy web site together with relevant definitions and FAQ.
CERNBox |
It is recommended to use CERNBox to share personal data. For more information about CERNBox: documentation.
Controlling and Processing Services |
Controlling and Processing Services via the ODP website.
Processing and Controlling Services via the Admin e-guide.
Data Sharing and Transfers |
Data Sharing and Transfers via the ODP website.
Do not share CVs and other documents containing personal data by emails. Use CERNBox and don't forget to delete the documents / emails once the process is ended.
Frequently Asked Questions |
FAQ about OC11 on the ODP website.
Management of attachments |
When an action is completed (Request or Incident in Service Now, processing of documents containing personal data…), it is recommended to remove attachments containing personal data.
FAQ on e-mails via the ODP website.
Terminology |
Terminology page on the ODP website.
WHERE TO FIND |
---|
Website of CERN's Office of Data Privacy |
||
Admin e-guide and Internal administration | Processing of Personal Data | |
Operational Circular No 11 |
“The Processing of Personal Data at CERN” - Annexes and “Traitement des données à caractère personnel au CERN” - Annexes. |
|
Minutes of the Data Privacy Coordination Committee | Minutes (available only to staff and fellows). | |
Data privacy Basics – elearning – 20 mn with a quiz (mandatory) | https://lms.cern.ch/ekp/servlet/ekp?PX=N&TEACHREVIEW=N&PTX=&CID=EKP000043773&TX=FORMAT1&LANGUAGE_TAG=en&DECORATEPAGE=N | |
Respecting Privacy in the processing of personal data at CERN | https://lms.cern.ch/ekp/servlet/ekp?PX=N&TEACHREVIEW=N&PTX=&CID=EKP000043046&TX=FORMAT1&LANGUAGE_TAG=en&DECORATEPAGE=N | |
KBs about Data Privacy Protection | https://cern.service-now.com/service-portal?id=kb_category&kb_category=93ccabb71b087050f9c6dd318b4bcb22 |
OTHER DOCUMENTATION |
---|
- Guide to the UK General Data Protection Regulation (UK GDPR).
- CNIL.
- Learn more about Data Privacy via the ODP website.