Print this page

Privacy and data protection

Do you suspect a security incident or data breach? Always report it!

What is privacy and what is the GDPR?

Privacy is a shield that helps you to protect your personal data; it gives you the choice what you do and do not share with others. Privacy is therefore the right to protect your personal life. This right is one of the general human rights: the right not to be subjected to arbitrary interference in personal affairs. In addition, since 25 May 2018, there is the General Data Protection Regulation (GDPR) across Europe. The GDPR is the European privacy law that protects personal data of all European citizens. By a 'personal data' we mean 'any information about an identified or identifiable natural person or information that can be traced back to a natural person'. The GDPR prescribes how organisations such as NWO-I should handle personal data. NWO-I must be able to demonstrate that it adheres to the GDPR. One of the important responsibilities is that NWO-I informs as well as possible the people whose personal data the organisation processes.

Privacy policy

NWO-I handles all personal data with care. This includes personal data in the broadest sense of the word: personal data in the context of research by NWO institutes and personal data of employees, but also, for example, data of users of research facilities. The privacy policy of NWO-I describes to staff and other parties involved how NWO-I handles personal data. One of the objectives is also to raise awareness of the importance and necessity of protecting personal data.

GDPR within NWO-I

Each institute and the NWO-I office has a privacy coordinator and a privacy team, who together with all other colleagues ensure that NWO-I complies with the GDPR. NWO-I also has a Chief Information Security Officer (CISO) and a Data Protection Officer (DPO). Click here for all tasks and responsibilities.

Security incidents and data breaches

Security incidents come in all shapes and sizes. A security incident is an error or leak in a system that is used. Because of this error or leak, a system may no longer be reliable or available, for example. A security incident is not always immediately a data breach. 

A data breach involves the destruction, loss, alteration or sharing of personal data without intention. It is not only about data leakage, but also about the use of data when this is not permitted. Most data breaches are caused by human activity. Click here for some examples.  

Every security incident or suspicion thereof and every data leak must be reported immediately. If you are unsure whether something is a security incident or a data leak, always choose to report it. Read here how to report a security incident or data breach.

Privacy risks at work

Some processing, such as processing a lot of sensitive data from different people, pose more privacy risks. To assess whether your work involves privacy risks, you can use a Data Protection Impact Assessment (DPIA). 

Basic concepts in the GDPR

Here you will find a number of terms in the GDPR.

Confidental Infomation