<Page under construction>
“If you are responsible for processing personal data on behalf of your institution, you are accountable for what you do, why you do it and the way you do it. This means that you need to make sure that you not only comply with data protection laws, but that you can demonstrate this compliance. One way to demonstrate compliance is to document all processing operations which take place in your institution” [EDPS].
Depending of the level of risk the processing activity, you may have to complete one or more of the following documentation requirements:
- For all the processing operation: the UG has in place a register of the processing operation. For more information consult the Privacy Portal (on My University).
- For high risks process: a Data Protection Impact Assessment (DPIA) may be required.
- Research funders may require you to demonstrate that protection measures and best practices on the processing of personal data are in place. More information on ERC Ethical self-assessment.
|Last modified:||08 May 2019 3.52 p.m.|