Category
Other
Owner
WLCG
Risk Summary
GDPR Not Fully Complied with
Risk Detail
The GDPR may not be fully complied with across the full collaboration.
Effect
Could have an impact on services and the collaboration if some sites are unable to run services, or face legal challenges.
Mitigation
Due diligence in trying to implement the requirements of the GDPR, and by having clear policy frameworks. Informing sites and collaborators of their responsibilities under the regulations.
Risk
Risk Impact
2
Risk Likelihood
3
Risk Severity
6
We have a strong set of policies covering most of the use of the infrastructure - these were put in place to satisfy our needs to be able to trust each other and to satisfy the requirements in some countries even before the GDPR. Some of these have been slightly updated to be consistent with the GDPR (AUP, accounting policy, etc.). We have a new Privacy Notice, and a template (undergoing approval) to be applied to essential services. Each site running services must ensure that it complies with the needs in terms of data collection, processing, and storage.
There is still uncertainty in the interpretation of the regulations in some cases - particularly regarding how they apply to a distributed scientific infrastructure.
Our strategy is to apply what we clearly understand as requirements, to be open and clear about how information is collected and retained, and be ready to adapt as interpretations of the regulations are clarified over time.