Do you remember when CERN’s data protection framework first came to life?

Operational Circular No. 11, “The Processing of Personal Data at CERN” (OC 11), was adopted in 2018 and came into force in 2019. A bit later, in 2021, two annexes were added to define the mandate and functioning of the Data Protection Commission.

After six years of daily use across the Organization, OC 11 has now been thoroughly refreshed.

The new version reflects what we’ve learned along the way, helps reduce legal and reputational risks, and brings more clarity to several key areas of CERN’s data privacy setup. You’ll find clearer explanations on topics such as consent, Data Privacy Impact Assessments (DPIAs), the role of external entities, CERN’s responsibilities as a Data Controller, and data transfers. At the same time, some provisions have been streamlined without lowering the level of protection.

The updated OC 11 is now available on CDS.

To help you navigate the changes, the ODP has also put together a fact sheet highlighting the main updates.