D2.5 Privacy Risk Assessment for ENVISION

Privacy and data protection is major challenge that needs to be addressed by EU funded projects given their collaborative nature. The General Data Privacy Regulation (GDPR) defines personal data as any information which is related to an identified or identifiable natural person. To this end any information that could individually or collectively lead to the identification of a natural person directly or indirectly (i.e., name, address or location data, identification number, commercial identity, IP address, etc.) are personal data.
All data collected must be kept secure and inaccessible to unauthorized persons. These data need to be handled with appropriate confidentiality and technical security, as required by National and European Union (EU) legislation and recommendations.
A privacy risk assessment is performed to safeguard that possible privacy breaches can be detected and facilitate informed decision-making that will minimize possible privacy risks and problems. Since the early stages of the ENVISION project, a proactive approach was adapted in minimizing possible negative impacts on the level of privacy and data protection, as well to consider the necessary measures to mitigate the identified risks.
The deliverable at hand presents an Overview of the Personal Data Framework presenting the basic EU and National legislation, as well as the personal data handled within the project. The next chapter presents the privacy risk assessment definition and characteristics and the methodological framework used to perform the privacy risk assessment. Finally, risks and mitigation measures are presented in detail.