GDPR and Protection of Personal Data in Horizon Europe
A Case Study for Research Managers and Administrators
Format: Oral 30 Minutes
Topic: Project Management
Friday 6 May 9:15 a.m. - 10:15 a.m. (UTC)
This 30-minute interactive session asks participants to interact with characters from a case study on data protection issues exposed by research partners awarded with a fictional Horizon Europe grant. Participants will play the roles of data controller and processor, committed to handle and store personal data of EU and Non-EU citizens for research purposes.
Participants will receive project inputs from the speaker and work together to seek compliance of research activities with the General Data Protection Regulation (GDPR), which defines principles relating to processing of personal data, the lawfulness of such processing and modalities to ensure transparent information, communication and rights of the data subjects.
Rules and best practices in data processing are part of the essential toolbox for Research Managers and Administrators, answering the growing call of GDPR-compliance along with Data Protection Officers. Beyond the understanding of accountability, privacy by design and by default principles, professionals are testing themselves with the constant update of data protection guidelines from the European Data Protection Board.
This interactive session is targeted to an audience of intermediate level, aware of the topic of data protection/GDPR and willing to engage with other professionals in a controlled environment. The session will benefit from a short debriefing and a follow-up survey to gather best practices in data management put in place by participants in their day-to-day work and deliver a report to the EARMA community.
Within an unconventional frame, participants will be actively involved in the flow of events from a case study of personal data processing within a Horizon Europe research project. By sharing their personal experience, participants will test and discuss best practices and compliance with GDPR rules.