Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[SOP Request] Individuals Part of Datasets Withdrawing Their Consent for Data #23

Open
2 tasks done
dav-salgado opened this issue Jul 29, 2024 · 0 comments
Open
2 tasks done

[SOP Request] Individuals Part of Datasets Withdrawing Their Consent for Data #23

dav-salgado opened this issue Jul 29, 2024 · 0 comments
Labels
enhancement New feature or request new-sop-request Label assigned to issues requesting a new GDI SOP

Comments

@dav-salgado
Copy link

SOP topics

Data & metadata management

SOP type

Node-specific

SOP Title

Individuals Part of Datasets Withdrawing Their Consent for Data

Detailed Description

  1. Receipt of Withdrawal of Consent
    1.1. Receipt of a written or electronic notification of withdrawal of consent
    1.2. The DPO (Data protection Officer) confirms the identity of the data subject
    1.3. The DPO registers the withdrawal of consent in the Data management system of the GDI node.

  2. Data Identification
    2.1. The data manager identifies all data records associated with the data subject.
    2.2. Data may be identified through unique identifiers (e.g., ID number, email address) or other relevant criteria.

  3. Data Removal
    3.1. The data manager securely deletes the identified data from the data repository
    3.2. Data deletion methods should be in accordance with the organization’s data retention policy and applicable data protection regulations.
    3.3. If complete deletion is not possible or desirable, data may be anonymized or pseudonymized to remove any personal identifiers.

  4. Documentation
    4.1. The data manager documents the data removal process, including:
    4.1.1. Date of receipt of the withdrawal of consent
    4.1.2. Data subject’s identification information
    4.1.3. Data sets affected
    4.1.4. Methods used for data identification and removal
    4.1.5. Confirmation of data deletion or anonymization

  5. Incident Management
    5.1 In case of accidental data retention or unauthorized access to data after withdrawal of consent, an incident response plan should be activated.

  6. Notification
    6.1 The DPO informs the data subject of the completion of the data removal process, as required by applicable regulations.

  7. EU operation level
    7.1 GDI data aggregator should be informed with no delay of the removal of the data / dataset id to be remove from search applications

Motivation

To Comply with data protection regulations in term of data sharing for individuals

Existing Procedures or References

No response

Impact

No response

Stakeholders

  • 1+MG Management Board
  • Data protection Officer
  • Data management team
  • Node administrators
  • Node management team
  • IT security team

Additional Information

No response

Requester GDI role

Yes

Requester GDI Node

No response

Confirmation

  • I have searched the existing SOPs and this request does not duplicate an existing SOP.
  • I understand that submitting this request does not guarantee the creation of the SOP.
@dav-salgado dav-salgado added enhancement New feature or request new-sop-request Label assigned to issues requesting a new GDI SOP labels Jul 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request new-sop-request Label assigned to issues requesting a new GDI SOP
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@dav-salgado