Public Availability of Research Data

Sphinx will not have to store/access personal data for research purpose but it will use data created by the users within the three pilots of the platform. Even though there is no need for any personal information Sphinx has to employ the necessary techniques, to ensure that data privacy is respected. Since the adoption of the General Data Protection Regulation (GDPR) by all member states of the European Union (EU), all parties that handle and store personal data, referred to as data controllers, and parties that perform processing of said data, referred to as data processors, need to conform to specific guidelines that govern both the storage and processing of data and the ability and rights of data subjects to control their stored data. The present document covers the main techniques that will be employed by Sphinx to ensure private data protection and GDPR compliance.
At first, a review of the most commonly-used encryption and anonymisation techniques is given. Storing and processing data requires that certain guidelines of the GDPR are respected; these guidelines are briefly reviewed and the way Sphinx conforms to these guidelines is outlined.