Are you organising an event? Make sure that the registration form already contains short information on privacy. Do you conduct surveys? Then also briefly state what happens to the answers given by the respondents. Do you have someone on the phone and are you going to record that person's details? Always say so and state the purpose of the recording.
One of the most important principles in the GDPR is transparency. If you process personal details, this must be done in a lawful, honest manner and be transparent for those involved. For good privacy, the person involved must have control over the use of personal data. Without insight, there can be no control. Make sure it is always clear for what purpose you are processing the data and do this in understandable language. If the person in question wants to know more, you can refer to the privacy declaration of NWO for the complete information.
Some processing, such as the processing of many sensitive details of various people, involve more privacy risk. Privacy risk means the risk of restriction of rights and freedoms of someone as a result of the processing of his/her personal data. Think of identity theft or fraud, exclusion, physical injury, psychological distress, humiliation, reputational damage and loss of control over personal data.
Do you have questions about how best to inform individuals whose data you process? If so, consult your privacy coordinator or the communications colleagues at your institute or NWO-I office.
Increased privacy risks
NWO-I obviously wants to limit these privacy risks. To find out whether your work entails (high) privacy risks, you can do a check with a Data Protection Impact Assessment (DPIA). A DPIA is an instrument that maps out and assesses the risks of planned processing in a structured and standardised manner. Based on this, an organisation can take measures to prevent or reduce these effects for those involved.
With a DPIA
- You can describe the processing of personal data
- You assess the necessity of the processing
- You identify possible risks for the (rights and freedoms of the) data subject
- You manage the associated risks.
Are you starting a new processing operation with a potentially high privacy risk? NWO-I has a checklist for DPIAs. Contact the privacy coordinator. The Data Protection Officer supervises the correct implementation of DPIAs.