Icons made by Freepik from www.flaticon.com

A Clear Separation of Responsibilities

Protecting personal data is a fundamental responsibility at CERN. To ensure that this protection is effective, transparent, and trustworthy, CERN applies a clear separation of powers in the area of data‑privacy governance.

CERN distinguishes between executive and judicial functions in data privacy:

• The Chief Information Officer (CIO), together with the Data Privacy Coordination Committee (DPCC), acts as the executive authority. This means implementing OC 11 by defining procedures, putting policies in place, and overseeing day‑to‑day governance across the Organization.
   
• The Office of Data Privacy (ODP) and the Data Protection Commission (DPC), on the other hand, serve as the judicial authorities. Working independently, they interpret OC 11, provide neutral and independent advise and guidance, assess compliance, and review specific cases. Their autonomy and the ODP’s direct reporting line to the Director-General ensure that privacy obligations are applied fairly and consistently.

This segregation of duties is an essential principle of good governance. It reinforces accountability, prevents conflicts of interest, and helps maintain trust in how CERN manages personal data.