Performing Privacy Impact Assessments on H2020 projects is an essential part of a risk-based approach to privacy and data protection the EU promotes.
Publicly-funded research projects such as those financed by the EU Commission often involve consortia consisting of a large number of partners. The task of ensuring privacy, data protection and ethics compliance is usually dedicated to one consortium partner, responsible for designing and implementing a project-wide privacy strategy.
To proactively manage privacy-related risks, this strategy sometimes must include an initial Privacy Impact Assessment (PIA).
PIA/DPIA resulting from an Ethics Requirement
Projects are assessed to see whether they raise ethical issues and, if so, whether these are adequately addressed.
In case your proposal received a conditional ethics clearance, your ethics summary report will list one or more ‘ethics requirements’ which become contractual obligations. As described in our white paper Conditional Clearance and Ethics Requirements, performing a Privacy or Data Protection Impact Assessment might be one of them.
What this eBook is about?
Our publication describes a hands-on approach to performing Privacy Impact Assessments on H2020 projects. We discuss real-life issues a person tasked with the PIA might encounter.
This document is not intended to be a comprehensive guide to data protection risk management. In it, we only share some of our experience, ideas and practical advice with potential assessors performing a PIA on an H2020 project.
We hope that this white paper will help you successfully engage consortium partners with different competencies and privacy practices, avoid possible pitfalls of performing a PIA on an H2020 project.