Operational Circular No. 11, entitled “The processing of personal data at CERN” (OC 11) entered into force on 1 January 2019 and was the first major step to update the rules and processes of the Organization concerning the processing of personal data.
The two new OC 11 annexes, which have now been introduced, establish the Data Protection Commission (DPC) – CERN’s independent supervisory authority in matters of data protection.
The DPC’s mandate is to monitor CERN’s compliance with OC 11, to ensure the application of OC 11 and, in particular, of data subject rights, and to evaluate and investigate complaints lodged by data subjects, regardless of their connection to CERN.
This is in line with best practices in the Member States and other intergovernmental organisations and aims to provide assurance to individuals and partners that personal data is always handled with due care and respect.
The DPC will be composed of three external data protection experts, recommended collectively by representatives of the Director-General, the Staff Association and the Office of Data Privacy for nomination by the Director-General. The next step will be the recruitment of the DPC’s members, so that, hopefully by the beginning of 2022, the DPC can commence its work at CERN.
If you are interested in learning more about CERN’s supervisory authority, an article on the Privacy web site provides a deeper insight.