Print this page

GDPR within NWO-I


Privacy coordinator (1st line)

Point of contact within the institute and NWO-I office
The privacy coordinator (PC) within an institute or NWO-I office is responsible in the first line for designing, monitoring and - partly - implementing the privacy policy. This is done in close consultation with the central privacy coordinator and the Data Protection Officer (DPO). In addition, the PC supports in mapping out the risks by, for example, carrying out a Data Protection Impact Assessment (DPIA). The PC has an important role on the work floor: just like the IT manager, the PC has an advisory role for the professional teams and answers questions such as: "How should we share this data?"; "Which rules should we comply with?"; "Which rules apply for an external party?". The PC creates awareness and provides training. In case of incidents, the PC collects information and takes care of communication, and takes measures or prepares these.

AMOLF/ARCNL - Cees van der Ven and Sharlene Labots
ASTRON - Gert Kruithof
NWO-I office - Peter Spijker
CWI - Carl Schulz
DIFFER - Miranda Breugem
Nikhef - Ronald Starink
NIOZ - Jacqueline Wiersma
NSCR - Angeniet Gillissen and Aad van der Klaauw
SRON - Hans Bloemen and Sandra van Gessel

Privacy teams institutes and NWO-I office
Officials and PCs together
Departments and teams within an institute or agency must work in accordance with the GDPR. Sometimes institutions designate colleagues for specific tasks related to privacy. All privacy officers together have the task of promoting this GDPR compliance: they supervise the process, create awareness and support, signal non-compliant actions and secure knowledge within the department. The privacy officers and the privacy coordinator together form the privacy team for the institute or agency.

Central privacy coordinator (2nd line)
Connecter of all GDPR roles
The Central Privacy Coordinator (CPC) takes care of the coordination of the GDPR work, the fine-tuning for this between the various sections of NWO-I, the monthly meetings between the privacy coordinators, the FG and the CISO, and provides advice on various GDPR issues. The CPC has an important role in connecting the people with GDPR roles and ensures that as many tasks as possible are streamlined and (if possible) taken up jointly. The CPC also provides support in dealing with data breaches and is a member of the data breach team (as a member of the NWO-I Privacy Team). The CPC also has an important advisory role to the institutes and the office.

Data Protection Officer (3rd line)
Independent internal privacy supervisor
The GDPR requires organisations that process a lot of or special personal data, such as NWO-I, to have an independent internal officer on board to supervise the processing of personal data and privacy compliance in a broader sense: the Data Protection Officer (DPO). NWO-D and NWO-I share the DPO. The tasks and authorities of the DPO are laid down in the GDPR.
The tasks of the DPO are diverse: the DPO advises and informs the entire organisation and the individual organisational units about their obligations in the area of privacy and the application of privacy legislation. He monitors the application of and compliance with the GDPR and relevant other legislation, the policy of NWO-D and NWO-I, and the allocation of responsibilities under the GDPR. The DPO contributes to the provision of information to staff about the processing of personal data, thus raising awareness about privacy, supervises the training of staff and the execution of audits.
On behalf of NWO the DPO is the contact point for the Personal Data Authority and also the contact point for those whose personal data are processed by NWO-D and NWO-I.

Chief Information Security Officer
Information security
The careful handling of personal data is partly covered by the general rules for information security. NWO-I has a Chief Information Security Officer (CISO). The CISO is closely involved in the implementation of the privacy policy.
The CISO is responsible for developing and implementing security and determining the necessary measures, insofar as these are centrally organised. The CISO advises the institutes, solicited and unsolicited, on security issues for which the responsibility lies with the institutes.

Confidental Infomation