Key Processing Principles

Personal Data are processed for one or more specific purposes

A specific and legitimate reason is needed for any personal data that is processed. The essential principle require the purpose for personal data be made before collecting the data; furthermore personal data can only be used for the specified reasons.

The specific purposes of the processing will be detailed through the privacy notice attached to the service description in ServiceNow. It is the responsibility of the controlling service to ensure that the information in the privacy notice is accurate and complete. The information may be updated through the appropriate template in ServiceNow and regenerating the privacy notice.

Guiding Questions on purpose limitation
Have you identified all purposes of your process? Are all purposes compatible with the initial purpose? Is there a risk that the data could be reused for other purposes (function creep)? How can you ensure that data are only used for their defined purposes? In case you want to make available/re-use data for scientific research, statistical or historical purposes, what safeguards do you apply to protect the individuals concerned?

Guiding Questions on purpose limitation

Have you identified all purposes of your process?
Are all purposes compatible with the initial purpose?
Is there a risk that the data could be reused for other purposes (function creep)?
How can you ensure that data are only used for their defined purposes?
In case you want to make available/re-use data for scientific research, statistical or historical purposes, what safeguards do you apply to protect the individuals concerned?

The Personal Data collected are adequate, relevant and limited to the minimum required for the purpose

It is the responsibility of the controlling service to justify the collection of the personal data and to ensure that it is strictly limited to the intended purpose. If required, for instance when sensitive personal data is processed, this will be explained and documented through an impact assessment template in ServiceNow. This information is kept by the ODP and is not made generally available.

Guiding Questions on data minimisation
Are the data of sufficient quality for the purpose? Do the data you collect measure what you intend to measure? Are there data items you could remove (or mask/hide) without compromising the purpose of the process? Do you clearly distinguish between mandatory and optional items in forms? In case you want to keep information for statistical purposes, how do you manage the risk of re-identification?

Guiding Questions on data minimisation

Are the data of sufficient quality for the purpose?
Do the data you collect measure what you intend to measure?
Are there data items you could remove (or mask/hide) without compromising the purpose of the process?
Do you clearly distinguish between mandatory and optional items in forms?
In case you want to keep information for statistical purposes, how do you manage the risk of re-identification?

Personal Data are accurate and kept up to date

The controlling service must ensure that information concerning personal data are kept up to date and that includes allowing the user to request modifications to his or her data. Such requests will be made to the service directly through the request form in ServiceNow.

Guiding Questions on accuracy
What could be the consequences for the persons affected of acting on inaccurate information in this process? How do you ensure that the data you collect yourself are accurate? How do you ensure that data you obtain from third parties are accurate? Do your tools allow updating/correcting data where necessary? Do your tools allow consistency checks?

Fair, transparent and lawful processing

The concept of "Fair, Transparent and Lawful" processing is implemented through a number of measures. Services which are processing personal information will generally do so in order to provide the service to the user community and will do so in accordance with CERN's internal legislation. The user will be informed through the privacy notice which is attached to the service description in ServiceNow. The user has the right to access the information which is held about him or her through the mechanism as described in the "For Data Subjects" section on this website.

Guiding Questions on fairness
Can people expect this processing to happen, also if they don’t read the information you provide them with? Could this generate chilling effects or lead to discrimination? How do you make sure that the information you provide actually reaches the individuals concerned? Is it easy for people to exercise their rights to access, rectification, erasure etc.? In case you rely on consent, is it really free? How do you document that people gave it? How can they revoke their consent?

Guiding Questions on fairness

Can people expect this processing to happen, also if they don’t read the information you provide them with?
Could this generate chilling effects or lead to discrimination?
How do you make sure that the information you provide actually reaches the individuals concerned?
Is it easy for people to exercise their rights to access, rectification, erasure etc.?
In case you rely on consent, is it really free? How do you document that people gave it? How can they revoke their consent?

Personal Data are retained for the minimum period necessary for the purpose

The controlling service will ensure that personal data are only kept for strictly the minimum period needed to fulfill the specific purpose for the collection and processing of the personal data. Retention guidelines will help the controlling service to determine the appropriate period data must or can be kept before it is to be deleted.

Guiding Questions on storage limitation
Does a specific legislation define storage periods for your process? How long do you need to keep which data? For which purpose(s)? Can you distinguish storage periods for different parts of the data? If you cannot delete the data just yet, can you restrict access to it? Will your tools allow automated permanent erasure at the end of the storage period?

Personal Data are kept in a secure manner

The controlling service will ensure that the personal data are kept in a secure manner which will ensure appropriate technical safeguards such as encryption wherever possible and otherwise strict access controls, audit logs etc. The controlling service is responsible for ensuring the confidentiality, integrity and appropriate availability of the Personal Data.

Guiding Questions on security
Do you have a procedure to perform an identification, analysis and evaluation of the information security risks possibly affecting personal data and the IT systems supporting their processing? Do you take into consideration the nature, scope, context and purposes of processing when assessing the risks? Do you target the impact on people’s fundamental rights, freedoms and interests and not only the risks to CERN? Do you have resources and staff with assigned roles to perform the risk assessment? Do you systematically review and update the security measures in relation to the context of the processing and the risks?

Guiding Questions on security

Do you have a procedure to perform an identification, analysis and evaluation of the information security risks possibly affecting personal data and the IT systems supporting their processing?
Do you take into consideration the nature, scope, context and purposes of processing when assessing the risks?
Do you target the impact on people’s fundamental rights, freedoms and interests and not only the risks to CERN?
Do you have resources and staff with assigned roles to perform the risk assessment?
Do you systematically review and update the security measures in relation to the context of the processing and the risks?

Useful Links

Link Type	URL
Legal document	Operational Circular no. 11 "The Processing of Personal Data at CERN"
Procedure	Data retention guideline

CERN Accelerating science