x
Loading
+ -

Data Protection Review

Data_Protection_Review
© New Media Center, University of Basel

The purpose of a data protection review is to identify potential risks before the collection and processing of personal data and to minimize them where possible.

In university life, data protection reviews particularly come into play before research projects and before the introduction of new digital services for teaching, research, or administration.

To determine whether the type of data or its processing poses a high risk to the rights and freedom of the data subject and whether there is an increased need for protection the protection needs analysis is used. An increased need for protection arises in particular when processing special personal data and when a large number of data subjects are involved. The evaluation of the protection needs analysis shows whether further steps in the form of a data protection impact assessment or a prior consultation are necessary and is carried out by the data protection officer and the information security officer (CISO).

If the risk is likely to be high, a data protection impact assessment (DPIA) must be carried out. It essentially consists of a detailed risk analysis and contains existing or planned measures to reduce or eliminate these risks. The aim of the data protection impact assessment is to ensure that personal data is processed in compliance with data protection regulations.

In special cases, the project must be submitted to the cantonal data protection officer for prior consultation.

The Data Protection Officer's team is available to answer questions and assist you with implementation.

Contact: datenschutz@unibas.ch

 

  • Data Protection Review for Research Projects

    Basic legal questions should already be considered during the planning of and before the start of a research project, including whether the project complies with data protection requirements.
    If an ethics self-assessment of the University Ethics Committee (UEK) shows that a planned research project does not require approval, a data protection review of compliance with data protection rules is sufficient. Such a review is carried out in collaboration with the Data Protection Officer; please fill out the corresponding application form to start.

    If you have questions, you can contact the Data Protection Officer's team by email at any time.

    Basic legal questions should already be considered during the planning of and before the start of a research project, including whether the project complies with data protection requirements.
    If an ethics self-assessment of the University Ethics Committee (UEK) shows that a planned research project does not require approval, a data protection review of compliance with data protection rules is sufficient. Such a review is carried out in collaboration with the Data Protection Officer; please fill out the corresponding application form to start.

    If you have questions, you can contact the Data Protection Officer's team by email at any time.

    Links & Downloads

  • Protection needs analysis for digital services

    Before introducing a new digital service for teaching, research or administration, a protection needs analysis must be initiated. For this purpose, the protection needs analysis (Intranet) is completed and submitted. If there is likely to be a high risk to the fundamental rights of data subjects, a data protection impact assessment (DPIA) must be carried out.

    Please note that a specific Data protection notice and Terms of use may need to be prepared for the service. The Data Protection Officer's team will assist you in drafting and reviewing the corresponding documents. Creation of a new website (IT-Services) also requires a data protection statement.

    If you want to use a new tool, please contact the Data Protection Officer.

    Before introducing a new digital service for teaching, research or administration, a protection needs analysis must be initiated. For this purpose, the protection needs analysis (Intranet) is completed and submitted. If there is likely to be a high risk to the fundamental rights of data subjects, a data protection impact assessment (DPIA) must be carried out.

    Please note that a specific Data protection notice and Terms of use may need to be prepared for the service. The Data Protection Officer's team will assist you in drafting and reviewing the corresponding documents. Creation of a new website (IT-Services) also requires a data protection statement.

    If you want to use a new tool, please contact the Data Protection Officer.

    Links & Downloads

To top