Pages
- Activities
- AI
- Case studies
- General exposition
- Step by step
- Annex I: Auditing AI tools
- Annex II. Machine learning and artificial intelligence research for patient benefit: 20 critical questions on transparency, replicability, ethics, and effectiveness
- Business understanding
- Adopting a risk-based thinking approach
- Appointing a Data Protection Officer
- Checking regulatory framework
- Deciding about your business objectives
- Defining data storage policies
- Designing legitimate data processing tools
- Documenting of processing
- Implementing a training program
- Opting for the technical solution
- Preparing the documenting of processing
- Checklists
- Data preparation
- Data understanding
- Deployment
- Evaluation (Validation)
- Modeling (Training)
- Biometrics
- Contact
- Cookie Policy
- Geolocation
- Address bias
- Annex: Checklists
- Do not harm
- Minimize data
- Minimize intrusion
- Prevent identification of individuals
- Protect privacy
- Protect the vulnerable
- Provide accountability
- Realize opportunities- Business understanding and data protection plan
- Be aware of the range of protection of the data involved in the processing
- Consider what legal basis will allow for the processing of personal data by the device or system
- Define the goal of your project and the data protection issues involved
- Introduce a training program on data protection issues for the personnel involved in the design of the device or system
- Special consideration of consent as a basis for processing
- Understand impacts
- Glossary
- IoT
- Accountability and oversight
- Data governance: minimization, purpose limitation and storage limitation principles
- Data subjects rights
- Fairness and Transparency
- Human agency (automated decision making and profiling)
- Integrity and confidentiality
- Lawfulness: Choosing a legal basis
- Project Understanding
- Define the data protection roles played by all agents involved in the processing: determination of controllers and processors
- Implement a training program in ethical and legal issues for IoT developers and other relevant stakeholders
- Make sure that your project is compatible with the data protection framework
- Promote end-users engagement
- Legal notice
- PANELFIT GUIDELINES
- Privacy Policy
- Security and Cybersecurity
- Sitemap
- Social networks
- Accountability and oversight
- Choosing a legal basis for further processing
- Data governance: minimization, purpose limitation and storage limitation principles
- Data subjects rights
- Fairness and Transparency issues
- Gaining access to data. Some essential tips
- Integrity and confidentiality
- Introduction to social networks and data protection issues
- Preliminary steps: the crucial issues to be considered
- Define the roles played by all agents involved in the processing
- Implement a training program in ethical and legal issues for ICT developers and other relevant stakeholders
- Make sure that your Project is compatible with the fundamental values of the EU
- Prepare the contracts with the social network and (in case) with the joint controllers, processors, etc. and document them
- Promote end-users engagement
- The GDPR
- Data Subjects’ Rights
- Main Actors
- Main Concepts
- Data processing
- Data processing for purposes of archiving in the public interest, scientific or historical research purposes or statistical purposes
- Appropriate safeguards to be adopted pursuant Article 89(1)
- Conceptual issues: legal basis for processing
- Derogations to certain rights of the data subjects pursuant Article 89
- Further Reading
- Key Points
- Notions in the context of the EU regulatory framework
- Processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes and the right to information
- Purpose compatibility
- Storage limitation
- Which data does Article 89 cover?
- Data Protection by Design and by Default (DPbDD)
- Identification, Pseudonymization, and Anonymization
- Anonymization
- Identification
- Pseudonymization
- Data pseudonymization in detail
- Definition of Pseudonymization in the GDPR
- Different types of (re-) identification
- Motivation to use pseudonymization
- Pseudonymization and Art. 11 GDPR
- Some concepts relevant to pseudonymization
- Technical and organizational measures for pseudonymization
- The context of pseudonymization
- Personal data
- Main Principles
- Main Tools and Actions
- Creating or gaining access to a database
- Data Management Plan (DMP)
- Data Protection Impact Assessment (DPIA)
- At what point in time does the DPIA need to be carried out/updated?
- How is a DPIA different from a security assessment?
- In what cases must I carry out a DPIA? Are there lists of processing activities that require a DPIA?
- Is there a standardized method for carrying out a DPIA? Are there outlines, templates or tools in support of carrying out a DPIA?
- What are the purposes of a DPIA?
- What can facilitate carrying out a DPIA?
- What happens if I do not carry it out? What are the possible consequences?
- What is a DPIA?
- What is the intended audience of a DPIA report?
- Who is responsible for carrying out a DPIA? Who should be involved in carrying out a DPIA?
- Documentation of processing personal data
- Legitimate interest and balancing test
- Sharing processed data with other researchers
- Transfers of data to third countries or international organisations (international transfers)
- Understanding Data Protection