From c8d552a81fcd5b965949fb21422cf15570d97028 Mon Sep 17 00:00:00 2001 From: TiG Date: Mon, 15 Nov 2021 10:16:12 +0100 Subject: [PATCH 1/4] add file and basic structure for gdpr examples --- source/guides/gdpr-by-example.rst | 41 +++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 source/guides/gdpr-by-example.rst diff --git a/source/guides/gdpr-by-example.rst b/source/guides/gdpr-by-example.rst new file mode 100644 index 0000000..9757c59 --- /dev/null +++ b/source/guides/gdpr-by-example.rst @@ -0,0 +1,41 @@ +========================= +GDPR workflows by example +========================= + +.. hint:: + + This document is intended to provide an overview of the existing GDPR + processes in interaction with Castellum at the MPI for Human Development. + It is intended to provide guidance to other institutions, but is **not** + meant to be adopted one-to-one. + + +.. _gdpr-object: + +Right to object +=============== + + +.. _gdpr-access: + +Right of access by the data subject +=================================== + + +.. _gdpr-rectification: + +Right to rectification +====================== + + +.. _gdpr-data-portability: + +Right to data portability +========================= + + +.. _gdpr-erasure: + +Right to erasure +================ + -- GitLab From 923bff45c76730575a33d5e2b86310407a88d044 Mon Sep 17 00:00:00 2001 From: TiG Date: Fri, 19 Nov 2021 10:33:27 +0100 Subject: [PATCH 2/4] initial draft for objection --- source/guides/gdpr-by-example.rst | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/source/guides/gdpr-by-example.rst b/source/guides/gdpr-by-example.rst index 9757c59..a5ced0b 100644 --- a/source/guides/gdpr-by-example.rst +++ b/source/guides/gdpr-by-example.rst @@ -15,6 +15,20 @@ GDPR workflows by example Right to object =============== +This is referring to the recruitment consent in Castellum: Every user at the +MPI for Human Development who is allowed to update subject data can *untick* a +given recruitment consent in subject details (**Data protection** tab). In most +cases the required Castellum permissions are given to staff members who are in +direct contact to subjects (either subject management, recruitment oder study +execution). This ensures ability to act quickly and independently on the right +to object for recruitment consents. + +Revocations of individual study consents are completely handled outside of +Castellum by study conductors in cooperation with the study coordinators. + +In both cases staff members of the MPI for Human Development educate the +subjects that this is only affecting **future activities** on gathered data of +the subject. Hence, it is made clear that data **won't be** erased instantly. .. _gdpr-access: -- GitLab From 028bf9c384de4b1cc0b8c94190f9dd2e2d9dc68f Mon Sep 17 00:00:00 2001 From: TiG Date: Fri, 19 Nov 2021 11:16:23 +0100 Subject: [PATCH 3/4] add effects of recruitment objection --- source/guides/gdpr-by-example.rst | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/source/guides/gdpr-by-example.rst b/source/guides/gdpr-by-example.rst index a5ced0b..d846c11 100644 --- a/source/guides/gdpr-by-example.rst +++ b/source/guides/gdpr-by-example.rst @@ -21,7 +21,13 @@ given recruitment consent in subject details (**Data protection** tab). In most cases the required Castellum permissions are given to staff members who are in direct contact to subjects (either subject management, recruitment oder study execution). This ensures ability to act quickly and independently on the right -to object for recruitment consents. +to object for recruitment consents. Removing the recruitment consent in +Castellum makes sure that the subject will not be considered in future study +recruitments. Beyond that, recruiters are warned if the subject was already +proposed in a running study recruitment prior to the objection. Current study +participations of the objecting subject are not highlighted in Castellum as we +expect that (in this rare scenario) they will explicitly take a stand on what to +do (see below for study consent revocation). Revocations of individual study consents are completely handled outside of Castellum by study conductors in cooperation with the study coordinators. -- GitLab From 00ea60d924507afaa202b1a81cb9acda5dae3d71 Mon Sep 17 00:00:00 2001 From: TiG Date: Mon, 15 Aug 2022 12:55:21 +0200 Subject: [PATCH 4/4] feedback loop th --- source/guides/gdpr-by-example.rst | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/source/guides/gdpr-by-example.rst b/source/guides/gdpr-by-example.rst index d846c11..99edc33 100644 --- a/source/guides/gdpr-by-example.rst +++ b/source/guides/gdpr-by-example.rst @@ -19,20 +19,20 @@ This is referring to the recruitment consent in Castellum: Every user at the MPI for Human Development who is allowed to update subject data can *untick* a given recruitment consent in subject details (**Data protection** tab). In most cases the required Castellum permissions are given to staff members who are in -direct contact to subjects (either subject management, recruitment oder study -execution). This ensures ability to act quickly and independently on the right -to object for recruitment consents. Removing the recruitment consent in +direct contact with subjects (either subject management, recruitment oder study +execution). This ensures the ability to act quickly and independently on the +right to object for recruitment consents. Removing the recruitment consent in Castellum makes sure that the subject will not be considered in future study recruitments. Beyond that, recruiters are warned if the subject was already proposed in a running study recruitment prior to the objection. Current study participations of the objecting subject are not highlighted in Castellum as we -expect that (in this rare scenario) they will explicitly take a stand on what to -do (see below for study consent revocation). +expect that (in this rare scenario) they will explicitly voice their opinion on +what to do (see below for study consent revocation). Revocations of individual study consents are completely handled outside of Castellum by study conductors in cooperation with the study coordinators. -In both cases staff members of the MPI for Human Development educate the +In both cases staff members of the MPI for Human Development inform the subjects that this is only affecting **future activities** on gathered data of the subject. Hence, it is made clear that data **won't be** erased instantly. -- GitLab