...
This is one of two documents in the PDK that MUST be presented and agreed to by all users.
REFEDS DP CoCo
...
Personal data is any data set that can be taken from, or combined with, any source and used to determine information about a natural person.
There are eight data protection rules that each data controller must ensure are followed [EC-DC-Oblig]:
- Personal data must be processed legally and fairly.
- It must be collected for explicit and legitimate purposes and used accordingly.
- It must be adequate, relevant and not excessive in relation to the purposes for which it is collected and/or further processed.
- It must be accurate, and updated where necessary.
- Data controllers must ensure that data subjects can rectify, remove or block incorrect data about themselves.
- Data that identifies individuals (personal data) must not be kept any longer than strictly necessary.
- Data controllers must protect personal data against accidental or unlawful destruction, loss, alteration and disclosure, particularly when processing involves data transmission over networks. They shall implement the appropriate security measures.
- These protection measures must ensure a level of protection appropriate to the data.
To use the explanation given by the Information Commissioner’s Office [ICO-DPA-Def], a data controller is “a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed”. A data controller is the responsible party that must ensure that all processing of personal data complies with the GDPR. Failure to do so may result in legal repercussions. Data processors, on the other hand, process personal data solely under the direction of a data controller, who decides what personal information will be kept and to what uses it may be put.
REFEDS DP CoCo
The guidance on this page works alongside the REFEDS Data Protection Code of Conduct.
Resources
GDPR - https://gdpr-info.eu/
AARC Guidance for exchange of personal information - https://aarc-community.org/guidelines/aarc-g016/
AARC Data protection impact assessment - https://aarc-community.org/guidelines/aarc-g042/