May 26, 2023
Bulletin interne de l'Institut Pasteur
New memo: protection of personal data
• Protection of personal data
Data protection refers to all the legal and technical procedures that govern the collection, use and preservation of personal data – in other words, any information related to an identified or identifiable physical person. The issue of data protection therefore affects the entire Institut Pasteur community in their work on a daily basis.
Since 2018 and the entry into force of the GDPR (General Data Protection Regulation) in the European Union, responsibility for data protection has been placed on data controllers and processors, who now have to document the compliance of any data processing in such a way as to be able to offer proof of compliance at the request of supervisory authorities (the CNIL in France). This approach has also led to stricter obligations, in line with the sensitivity of the data being processed. Health-related data and genetic data – both of which are central to the Institut Pasteur's activities – are particularly affected, and the Institut Pasteur is committed to abiding by the principle of research that respects human dignity, as laid down in its Ethics Charter.
Memo 0141 presents the organizational structure introduced at the Institut Pasteur to comply with data protection obligations from the very first stages in the development of a project. Anticipating requirements at an early stage helps ensure compliance with the GDPR and reflects the Institut Pasteur's excellence in this area.
If you have any questions or are interested in finding out more, please contact the Institut Pasteur's Data Protection Officer (dpo@pasteur.fr).