The "General Data Protection Regulation" (GDPR, Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC) has entered into force on 24 May 2016 and will directly apply from 25 May 2018 in all EU Member States. Consequently, SHARE-ERIC has to comply with all the provisions set out by this new European data protection legislation.
The aim of this project is to ensure compliance of the SHARE data collection, processing and dissemination as well as all other operations of SHARE-ERIC and the SHARE Country Teams with the GDPR. The project includes the review and (where necessary) revision of all existing documents (such as contractual documents, memos on data processing and consent materials) and procedures (e.g. the processing of internal and released SHARE data, storage and processing SHARE user data and technical and organisational security measures) that relate to data protection. Particular importance is placed on compliance with documentation and verification duties set out in the GDPR.
The project also seeks to establish constant exchange of information on data protection related topics and in particular new legislation with other scientific institutions, research infrastructures and scientific projects. Since SHARE is centrally coordinated at the Max Planck Institute for Social Law and Social Policy SHARE cooperates with other Max Planck Institutes and the Data Protection Officer of the Max Planck Society in a working group (set up in September 2016) that develops a data protection concept in accordance with the provisions of the GDPR. Furthermore, exchange of information on this topic takes place with the European Social Survey (ESS) since SHARE and ESS are facing similar challenges.