Pages

• Activities
  • Conducting a survey
  • Creating a website
  • Organising a congress or a conference
  • Organising a video conference
  • Publishing/complementing data in scientific papers
  • When to set cookies and how to write your cookie policy
• AI
  • Case studies
    • First scenario: building and AI tool devoted to diagnosing COVID-19 disease
      • Business understanding
      • Data preparation
      • Data Understanding
      • Deployment
      • Evaluation (validation)
      • Modeling (training)
    • Second scenario: AI for Crime Prediction and Prevention
      • Business understanding
      • Data preparation
      • Data Understanding
      • Deployment
      • Evaluation (validation)
      • Modeling (training)
  • General exposition
    • Accountability
      • Ethical principles
      • GDPR provisions
    • Annex: Checklists – Compilation
    • Fairness, diversity and non-discrimination
      • Ethical principles
      • GDPR provisions
        • Bias: the causes
        • Resolving biases
    • Human agency and oversight
      • Ethical principles
      • GDPR provisions
    • Privacy and data governance
      • Ethical principles
      • GDPR provisions
        • Data minimization
        • Fairness with respect to data subjects’ rights
        • Lawfulness
        • Purpose limitation
    • Societal and environmental well-being
      • Ethical principles
      • GDPR provisions: legitimacy
    • Technical robustness and safety
      • Accuracy
      • Checklist: technical robustness and safety
      • Fallback plan and general safety
      • Reliability and reproducibility
      • Resilience to attack and security
    • Transparency
      • Ethical and legal issues
      • GDPR provisions: Transparency
  • Step by step
    • Annex I: Auditing AI tools
    • Annex II. Machine learning and artificial intelligence research for patient benefit: 20 critical questions on transparency, replicability, ethics, and effectiveness
    • Business understanding
      • Adopting a risk-based thinking approach
      • Appointing a Data Protection Officer
      • Checking regulatory framework
      • Deciding about your business objectives
      • Defining data storage policies
      • Designing legitimate data processing tools
      • Documenting of processing
      • Implementing a training program
      • Opting for the technical solution
      • Preparing the documenting of processing
    • Checklists
    • Data preparation
      • Ensuring accuracy of personal data
      • Focussing on profiling issues
      • Selecting non-biased data
    • Data understanding
      • Checking legitimate dataset usage
      • Making a decision about the type of data collected
      • Selecting appropriate legal basis for processing
    • Deployment
      • Pay attention to some general remarks
      • Updating information
    • Evaluation (Validation)
      • Deleting unnecessary datasets
      • Introducing processes of dynamic validation
      • Performing external audit of data processing
    • Modeling (Training)
      • Detecting and erasing biases
      • Exercising data subjects rights
      • Implementing data minimization principle
• Biometrics
  • Case study
    • Design Phase
      • Confirm the need to process biometric data
      • Identify the goals and if the activity qualifies as ‘research’
    • Execution Phase
      • Biometric data processing
      • Biometric system testing
      • Biometric system user interface development
      • Dissemination of results
      • Erasure or destruction of data
    • Preparation Phase
      • Appoint a Data Protection Officer (DPO)
      • Create a repository for supporting documentation
      • Identify the data collection approach
      • Identify the most appropriate legal basis
      • Implement risk mitigation measures
      • Perform a DPIA
      • Verify if Data Protection Impact Assessment is necessary
  • Exposition and Step by Step Guidelines
    • Checklists
    • Definitions
      • Biometric data
      • Biometric system
      • Research activity
      • Special categories of personal data
      • Types of biometric data
    • Design phase
      • Confirm the need to process biometric data
      • Identify the goals, if the activity qualifies as ‘research’, and the roles of stakeholders
    • Execution phase
      • Biometric data processing
      • Biometric system and user interface development
      • Biometric system testing
      • Dissemination of results
      • Erasure or destruction of data
    • Preparation phase
      • Appoint a Data Protection Officer
      • Create a repository for supporting documentation
      • Identify the data collection approach
      • Identify the most appropriate legal basis
      • Implement risk mitigating measures
      • Perform a DPIA (if necessary)
      • Verify if a Data Protection Impact Assessment is necessary
• Contact
• Cookie Policy
• Geolocation
  • Address bias
    • Legal issues
  • Annex: Checklists
  • Do not harm
    • Enable mechanisms aimed at notifying data breaches as soon as possible
    • Ensure security
  • Minimize data
    • Do not keep the data longer than strictly needed (storage limitation)
    • Legal issues: Purpose limitation
  • Minimize intrusion
    • If the use of anonymous data is not possible, use the minimal amount of personal data and pseudonymize them
    • Legal issues: Use only the type of data that is strictly necessary
    • Legal issues: using anonymized data instead of personal data
  • Prevent identification of individuals
  • Protect privacy
    • Introduce an adequate privacy policy
    • Protect the users’ rights
  • Protect the vulnerable
    • Ethical and legal issues
  • Provide accountability
    • Data protection Officers (DPOs)
    • Ensure transparency
    • Legal issues
    • Processor due diligence
  • Realize opportunities- Business understanding and data protection plan
    • Be aware of the range of protection of the data involved in the processing
    • Consider what legal basis will allow for the processing of personal data by the device or system
    • Define the goal of your project and the data protection issues involved
    • Introduce a training program on data protection issues for the personnel involved in the design of the device or system
    • Special consideration of consent as a basis for processing
  • Understand impacts
    • General ethical measures to be implemented
    • Legal issues: performing DPIAs
• Glossary
• IoT
  • Accountability and oversight
    • Data Protection Impact Assessment
    • Data Protection Officer
    • Design your Privacy Policy
    • Prepare the documentation of processing
  • Data governance: minimization, purpose limitation and storage limitation principles
    • Minimization principle
    • Purpose limitation
    • Storage limitation
  • Data subjects rights
    • Right of access
    • Right to data portability
    • Right to erasure
    • Right to object
    • Right to rectification
    • Right to restrict the processing
  • Fairness and Transparency
    • Avoid biases
    • Do your best to avoid widening digital division
    • Provide adequate information so as to ensure transparency
  • Human agency (automated decision making and profiling)
    • Automated processing of personal data, profiling, automated decision making: understanding the differences
    • Have a good knowledge of the legal framework regarding profiling
    • Introducing safeguards and minimizing risks
  • Integrity and confidentiality
    • Availability and integrity
    • Be aware of the risks that are intrinsically linked to most IoT systems
    • Perform a security risk analysis
  • Lawfulness: Choosing a legal basis
    • Consent
    • Legitimate interest
    • Performance of a contract
    • Public interest and the scientific research framework
  • Project Understanding
    • Define the data protection roles played by all agents involved in the processing: determination of controllers and processors
    • Implement a training program in ethical and legal issues for IoT developers and other relevant stakeholders
    • Make sure that your project is compatible with the data protection framework
    • Promote end-users engagement
• Legal notice
• PANELFIT GUIDELINES
• Privacy Policy
• Security and Cybersecurity
  • Cybersec4Europe
  • Cybersecurity – The Concept
  • Managing Information Security
• Sitemap
• Social networks
  • Accountability and oversight
    • Data protection Impact Assessment
    • Data Protection Officer
    • Design your Privacy Policy and prepare the documentation of processing
  • Choosing a legal basis for further processing
    • Consent
    • Legitimate interest
    • Public interest and the scientific research framework
  • Data governance: minimization, purpose limitation and storage limitation principles
    • Minimization principle
    • Purpose limitation
    • Storage limitation
  • Data subjects rights
    • Right of access
    • Right to data portability
    • Right to erasure
    • Right to object
    • Right to Rectification
    • Right to restrict the processing
  • Fairness and Transparency issues
    • Biases
    • Transparency
  • Gaining access to data. Some essential tips
    • Gaining access to data from a social network: some essential tips
    • Public domain does not mean public data!
  • Integrity and confidentiality
    • Availability and integrity
    • Perform a security risk analysis
  • Introduction to social networks and data protection issues
    • Categories of data collected through social media
    • Challenges
    • Main concepts
    • Types of data that can be collected through social networks
  • Preliminary steps: the crucial issues to be considered
    • Define the roles played by all agents involved in the processing
    • Implement a training program in ethical and legal issues for ICT developers and other relevant stakeholders
    • Make sure that your Project is compatible with the fundamental values of the EU
    • Prepare the contracts with the social network and (in case) with the joint controllers, processors, etc. and document them
    • Promote end-users engagement
• The GDPR
  • Data Subjects’ Rights
    • Checklists
    • Restrictions to the Data Subjects’ Rights
    • Right not to be Subject to Automated Decision-Making
    • Right of Access
    • Right to Data Portability
    • Right to Erasure (‘Right to be forgotten’)
    • Right to Information
    • Right to Object
    • Right to Rectification
    • Right to Restriction of Processing
  • Main Actors
    • Controller
    • Data Protection Officer (DPO)
    • Data Subjects
    • European Data Protection Board (EDPB)
    • European Data Protection Supervisor (EDPS)
    • Joint controller
    • Processor
    • Recipient
    • Supervisory Authority
    • Third party
  • Main Concepts
    • Data processing
    • Data processing for purposes of archiving in the public interest, scientific or historical research purposes or statistical purposes
      • Appropriate safeguards to be adopted pursuant Article 89(1)
      • Conceptual issues: legal basis for processing
      • Derogations to certain rights of the data subjects pursuant Article 89
      • Further Reading
      • Key Points
      • Notions in the context of the EU regulatory framework
      • Processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes and the right to information
      • Purpose compatibility
      • Storage limitation
      • Which data does Article 89 cover?
    • Data Protection by Design and by Default (DPbDD)
      • Analysis of Article 25. Data protection by design
        • Determining the means
        • Effectiveness of measures
        • Overview and main obligation for controllers
        • Processing itself
        • Processing operations in the GDPR
        • Re-determining the means during operational processing
        • The phases of processing in the GDPR
      • Analysis of Data Protection by Default in Art. 25(2) GDPR
      • Applying data protection principles in the different phases of processing
        • Determining the Means
        • Determining the Purposes
        • Processing itself
      • Guidelines by the European Data Protection Board
      • The scope of DPbDD
    • Identification, Pseudonymization, and Anonymization
      • Anonymization
        • Comparison of anonymous with strictly pseudonymous data
        • Concepts relevant to anonymization
        • Definition of Anonymous
        • Do anonymous data exist?
        • Functional description of (successful or attempted) anonymization
        • Options to deal with presumed anonymous data?
      • Identification
        • Definition of Identification
        • Reducing the identification potential of data
        • Some underlying concepts
      • Pseudonymization
        • Data pseudonymization in detail
        • Definition of Pseudonymization in the GDPR
        • Different types of (re-) identification
        • Motivation to use pseudonymization
        • Pseudonymization and Art. 11 GDPR
        • Some concepts relevant to pseudonymization
        • Technical and organizational measures for pseudonymization
        • The context of pseudonymization
    • Personal data
  • Main Principles
    • Accountability
      • Description
      • Related articles and recitals
      • Related technical and organizational measures
    • Accuracy
      • Description
      • Related articles and recitals
      • Related technical and organizational measures
    • Data minimization
      • Description
      • Related articles and recitals
      • Related technical and organizational measures
    • Integrity and confidentiality
      • Description
      • Related articles and recitals
      • Related technical and organizational measures
    • Lawfulness, fairness and transparency
      • Description
      • Related articles and recitals
      • Related technical and organizational measures
    • Purpose limitation
      • Description
      • Related articles and recitals
      • Related technical and organizational measures
    • Storage limitation
      • Description
      • Related articles and recitals
      • Related technical and organizational measures
  • Main Tools and Actions
    • Creating or gaining access to a database
      • Agreements
      • Check List
      • Disclosure of data for research purposes and the purpose limitation principle
      • DON’Ts
      • DOs
      • Further Reading
      • Paying for access/asking for payment: the legal issues
      • Territorial scope of the data
      • Value in the structure: Sui generis database rights
    • Data Management Plan (DMP)
      • Check List
      • DON’Ts
      • Dos
    • Data Protection Impact Assessment (DPIA)
      • At what point in time does the DPIA need to be carried out/updated?
      • How is a DPIA different from a security assessment?
      • In what cases must I carry out a DPIA? Are there lists of processing activities that require a DPIA?
      • Is there a standardized method for carrying out a DPIA? Are there outlines, templates or tools in support of carrying out a DPIA?
      • What are the purposes of a DPIA?
      • What can facilitate carrying out a DPIA?
      • What happens if I do not carry it out? What are the possible consequences?
      • What is a DPIA?
      • What is the intended audience of a DPIA report?
      • Who is responsible for carrying out a DPIA? Who should be involved in carrying out a DPIA?
    • Documentation of processing personal data
      • Additional documentation pertaining to a single processing activity
      • Records of Processing
    • Legitimate interest and balancing test
      • Check List
      • Don’ts
      • Dos
    • Sharing processed data with other researchers
    • Transfers of data to third countries or international organisations (international transfers)
• Understanding Data Protection
  • Data protection in the law
  • For which purposes is processing allowed?
  • Purpose of this introduction
  • The notion of risk
  • The problem that data protection addresses
  • What are the conditions for the implementation of processing?
  • What is the basic structure of the GDPR?