Data Protection Review
The purpose of a data protection review is to identify potential risks before the collection and processing of personal data and to minimize them where possible.
In university life, data protection reviews particularly come into play before research projects and before the introduction of new digital services for teaching, research, or administration.
To determine whether the type of data or its processing poses a high risk to the rights and freedom of the data subject and whether there is an increased need for protection the protection needs analysis is used. An increased need for protection arises in particular when processing special personal data and when a large number of data subjects are involved. The evaluation of the protection needs analysis shows whether further steps in the form of a data protection impact assessment or a prior consultation are necessary and is carried out by the data protection officer and the information security officer (CISO).
If the risk is likely to be high, a data protection impact assessment (DPIA) must be carried out. It essentially consists of a detailed risk analysis and contains existing or planned measures to reduce or eliminate these risks. The aim of the data protection impact assessment is to ensure that personal data is processed in compliance with data protection regulations.
In special cases, the project must be submitted to the cantonal data protection officer for prior consultation.
The Data Protection Officer's team is available to answer questions and assist you with implementation.
Contact: datenschutz@unibas.ch
