D9.3 – D9.5 POPD – Requirement No. 3,4,5
POPD – Requirement No. 3
The host institution must confirm that it has appointed a Data Protection Officer (DPO) and that the contact details of the DPO are made available to all data subjects involved in the research. For host institutions not required to appoint a DPO under the GDPR a detailed data protection policy for the project must be submitted. A description of the anonymization/pseudonymization techniques that will be implemented must be submitted.
In case the research involves profiling, the applicant must provide an explanation of how the data subjects will be informed of the existence of the profiling, its possible consequences, and how their fundamental rights will be safeguarded.
POPD – Requirement No. 4
In case of further processing of previously collected personal data, an explicit confirmation that the applicant has a lawful basis for the data processing and that the appropriate technical and organizational measures are in place to safeguard the rights of the data subjects must be submitted.
POPD – Requirement No. 5
The applicant must evaluate the ethical risks related to the data processing activities of the project. This includes also an opinion if data protection impact assessment should be conducted under art.35 General Data Protection Regulation 2016/679. The risk evaluation and the opinion must be submitted.