June 29, 2018
Bulletin interne de l'Institut Pasteur
Focus on the General Data Protection Regulation: Part 3 – The Institut Pasteur takes action!
Since May 25, everyone seems to have been talking about the GDPR: what exactly is personal data, what do we mean by data processing, who is affected, etc. So it is high time that we got to the heart of the matter and let you know about the measures that have been taken here at the Institut Pasteur. How is the Institut Pasteur progressing in its efforts to ensure compliance with the GDPR?
One of the main requirements of the GDPR is the appointment of a data protection officer (DPO), especially in organizations that handle sensitive data, such as the Institut Pasteur. Edwige Hoflack, the Institut Pasteur's newly appointed DPO, will take office on July 2 as a member of the Legal Affairs Department. You will have the opportunity to meet her in the coming weeks and months, but in the meantime, feel free to send her any questions about the GDPR via the address rgpd@pasteur.fr.
The GDPR imposes obligations on organizations. Every organization is responsible for proving that it processes its data in compliance with the requirements laid down in the GDPR. All processing of personal data carried out by organizations must be centralized with the DPO and recorded in a data processing register. The Institut Pasteur is currently developing phase one of its data processing register following a series of ten meetings held with various departments (Center for Translational Science, Human Resources Department, Technical Resources and Environment Department, Medical Center, etc.). These meetings were also an opportunity to analyze any gaps in compliance with the GDPR.
The support services are currently taking measures to:
-
adapt communication and information about the rights of individuals (adapting references to the French Data Protection Authority in documentation, incorporating statements about the need to inform people concerned in advance of projects, etc.);
-
develop contractual clauses about data protection.
Initiatives to guide individuals launching new research projects and those in support roles have also been set up, with the aim of incorporating the GDPR right from the very early stages of project development.
The GDPR concerns everyone, so you may be approached during these various stages. If you have any questions, please feel free to contact rgpd@pasteur.fr.