EURAXESS TOPIV Online Training for Portal Administrators
5th-6th of November 2020 Day 1
organized by Estonian Research Council
Talk: Compliance issues
Presenters: Laura SANCHO-ANDRES, European Commission; Milan Zdravković, University of Niš, Serbia
3. GDPR
General Data Protection Regulation
Launched on May 2018 – entered into force in May 2018
GOALS
– give control to individuals over their personal data
– Simplify the regulatory environment for international
business
Applicable to all EU member states and all EU citizens
Personal Data includes:
– Name
– Address
– ID card/passport number
– Income
– Cultural profile
– Internet Protocol (IP) address
– Data held by a hospital or
doctor for health purposes
4. EU Portal Privacy Statment
Why we process data
What is the data we
collect and process
For how long the data
is kept
How we protect the
data
Who has access to the
data
Exercise of rights
Contact information
More information
6. National Portals State of Play
Only a few national portals have a clear data privacy and
other legal information in a visible location
Some national portals still link to the EU portal’s privacy from
our previous unit
Most national portals link to the EU portal’s privacy page
Still some portals do not include any information on the topic
7. National Portals Disclaimers
26%
50%
24%
Legal notice
Yes Partial None
Legal notice is mandatory and
must be located in a visible place
36%
26%
38%
Data Protection
Yes Wrong None
52%
48%
Cookie Information
Yes No
74%
Content disclaimer
Yes No
19%
81%
Copyright
Yes No
8. Best practice
Data Privacy: how, why,
where, for how long…
Analysis services
Cookies
Newsletter
Enquiriesby email
Registration for events
Other good practices:
9. Update National Portal Information
National portals are bound by national legislation
Non-compliant portals are in breach of this legislation
Act on your portals before end of January 2021
10. Why do National Portals need a Data Privacy
policy?
You receive direct queries from researchers and organisations
via the contact means published on EURAXESS
Some portals offer newsletter subscription
You may offer event registrations
Google Analytics is used to track visits
So…
What do you do with this information?
11. Data Protection
European Commission stores in a single pool of users the
information from registered members, but you need to
declare exactly:
Do you process any data?
Which data?
How long you keep it?
How do you protect it?
Who has access to the data?
How can members exercise their rights?
Include BHO information:
Contact details and physical address
13. Content Disclaimer
Information in your website may not be
accurate due to being copied or linked from
other websites which may not be fully updated.
Jobs, hosting and funding opportunities are
posted by organisations and they are solely
responsible for the application and selection
process
14. Copyright
Not mandatory but strongly
encouraged to prevent
unauthorised duplication or use of
content/images
A valid copyright includes:
– Symbol or words “Copyright” or
“copr”
– The year of publication of the
website
– Name of copyright owner
15. Creative Commons licenses
A standardisedway to grant and understand copyright
permissions: https://creativecommons.org/licenses/