Icons made by Freepik from www.flaticon.com

A Clear Separation of Responsibilities

Protecting personal data is a fundamental responsibility at CERN. To ensure that this protection is effective, transparent, and trustworthy, CERN applies a clear separation of responsibilities in the area of data‑privacy governance.

CERN ensures that data privacy responsibilities are carried out by clearly defined and distinctly separate roles:

• The Chief Information Officer (CIO), together with the Data Privacy Coordination Committee (DPCC), is responsible for implementing OC 11. This means implementing OC 11 by defining procedures, putting policies in place, and overseeing day‑to‑day governance across the Organization.
• The Office of Data Privacy (ODP) and the Data Protection Commission (DPC), on the other hand, act independently from this implementation role. They interpret OC 11, provide neutral and independent advise and guidance, assess compliance, and review specific cases. Their autonomy, together with the ODP’s direct reporting line to the Director-General, ensures that privacy obligations are applied fairly and consistently.

This separation of duties is an essential element of good governance. It reinforces accountability, prevents conflicts of interest, and helps maintain trust in how CERN manages personal data.