GDPR within NWO-I
Privacy coordinator (1st line)
Point of contact within the institute and NWO-I office
AMOLF/ARCNL - Cees van der Ven and Sharlene Labots
ASTRON - Gert Kruithof
NWO-I office - Peter Spijker
CWI - Carl Schulz
DIFFER - Miranda Breugem
Nikhef - Ronald Starink
NIOZ - Jacqueline Wiersma
NSCR - Aad van der Klaauw
SRON - Hans Bloemen and Sandra van Gessel
Privacy teams institutes and NWO-I office
Officials and PCs together
Departments and teams within an institute or agency must work in accordance with the GDPR. Sometimes institutions designate colleagues for specific tasks related to privacy. All privacy officers together have the task of promoting this GDPR compliance: they supervise the process, create awareness and support, signal non-compliant actions and secure knowledge within the department. The privacy officers and the privacy coordinator together form the privacy team for the institute or agency.
Central privacy coordinator (2nd line)
Connecter of all GDPR roles
The Central Privacy Coordinator (CPC) takes care of the coordination of the GDPR work, the fine-tuning for this between the various sections of NWO-I, the monthly meetings between the privacy coordinators, the FG and the CISO, and provides advice on various GDPR issues. The CPC has an important role in connecting the people with GDPR roles and ensures that as many tasks as possible are streamlined and (if possible) taken up jointly. The CPC also provides support in dealing with data breaches and is a member of the data breach team (as a member of the NWO-I Privacy Team). The CPC also has an important advisory role to the institutes and the office.
Data Protection Officer (3rd line)
Independent internal privacy supervisor
The GDPR requires organisations that process a lot of or special personal data, such as NWO-I, to have an independent internal officer on board to supervise the processing of personal data and privacy compliance in a broader sense: the Data Protection Officer (DPO). NWO-D and NWO-I share the DPO. The tasks and authorities of the DPO are laid down in the GDPR.
The tasks of the DPO are diverse: the DPO advises and informs the entire organisation and the individual organisational units about their obligations in the area of privacy and the application of privacy legislation. He monitors the application of and compliance with the GDPR and relevant other legislation, the policy of NWO-D and NWO-I, and the allocation of responsibilities under the GDPR. The DPO contributes to the provision of information to staff about the processing of personal data, thus raising awareness about privacy, supervises the training of staff and the execution of audits.
On behalf of NWO the DPO is the contact point for the Personal Data Authority and also the contact point for those whose personal data are processed by NWO-D and NWO-I.
Chief Information Security Officer
The CISO is responsible for developing and implementing security and determining the necessary measures, insofar as these are centrally organised. The CISO advises the institutes, solicited and unsolicited, on security issues for which the responsibility lies with the institutes.