Implementing General Data Protection Regulation for Research Data
Friday, September 30, 2016 - 09:00
The General Data Protection Regulation (GDPR) enters into application on 25 May 2018 after a two-year transition period. GDPR does not require any enabling legislation, and it includes clauses about severe sanctions for non-compliance. Simultaneously, the well-motivated pursuit of Open Data makes data protection yet more challenging.
In this presentation, we will show how the requirements of GDPR can and should be implemented in terms of operational security and by implementing well-known best security practices. Without comprehensive Operational Security controls, the requirements for responsibility, accountability and notifying of breaches cannot be duly implemented. Researchers, research institutions, research infrastructures and data centers must also provide reliable, automated and secure processes for consent, erasure and data portability. All this will require a considerable amount of development.
It is important that research infrastructures and data centers develop efficient and feasible ways to implement GDPR. The most efficient way to achieve this is by sharing best security practices and related codes and processes. In this presentation we will present implementations and roadmaps developed at EUDAT.