
GDPR and Training: How to organize GDPR compliant online events


Take-aways from the workshop organised by the OpenAIRE Community of Practice of training coordinators  

 Blogpost by Rene van Horik, Ellen Leenarts (DANS) and Iryna Kuchma (EIFL)

The workshop addressed the processing of personal data in relation to a training event. GDPR requirements must be properly addressed and personal data must be protected. Obviously, a training event cannot be organised without information on the background of the participants, which is needed to prepare the workshop or to organise follow-up activities. How can this personal data be managed without violating the GDPR?

After an introduction to the topic from Prodromos Tsiavos (Legal Adviser of Athena Research & Innovation Center and OpenAIRE) and Walter Scholger (Zentrum für Informationsmodellierung, Austrian Centre for Digital Humanities, Universität Graz), the discussion continued in three groups, focusing respectively on GDPR issues before, during and after a training event. A short description of the outcomes of these discussions is given below.

 Before the training event

Registration of participants is obviously a prominent part of organising a training event. The details of the registration process should be communicated to the participants by means of a consent form.

The DARIAH ELDAH consent form wizard (CFW) is a tool that guides the user through a questionnaire and then generates a GDPR-compliant form for obtaining consent from data subjects, tailored to the specific purposes and the data categories the training organiser intends to collect.

During the session a demonstration of the CFW tool was carried out. It seems the wizard covers all data protection aspects to think about when organising a training event. The template generated by the wizard is not saved in the tool. A point of attention: if Google Drive is used to store collected information, it should be noted that the USA is currently not part of the EU GDPR space (so the USA cannot be considered an adequate privacy "safe-guard"). The CFW is relevant for both pre-event and post-event purposes, because the consent form covers issues such as how long specific information will be kept and for what purposes. The interface of the CFW tool is currently translated into a number of languages and is available under a CC-0 license (the source code is on GitHub). The participants of the group really welcomed the CFW tool. The tool seemed to be a good basis for creating consent forms when organising events and processing personal data in different scenarios. When using the tool, it should be taken into account that national laws may apply additionally, e.g. a local COVID-19 law that requires registration when entering a building. The wizard does not mention these national laws.

 During the training event

During your online training event, keep in mind the following: 

  • Participants should be offered the possibility to enter a meeting with a pseudonym and/or without their video.
  • Chat records do not have to be kept.

Collaborative writing tools 

What are the alternatives to Google docs? Consider these alternatives:

 After the training event

Evaluation/feedback forms

  • Avoid collecting personal information - keep feedback forms anonymous and include any other questions/requests (e.g. permission to sign-up to the mailing list or send another questionnaire six months later, etc.) as a separate request/new page to have 2 separate databases.
  • Consider the alternatives to Google feedback forms:
    • GDPR compliant tools such as Typeform - free for up to ten questions
    • or this Slovenian solution
    • make sure to budget for these kinds of tools in your project proposals!
  • Think about statistics you would need - e.g. stakeholders, countries, gender - keep the reports you've made, even if you didn't exactly need them at the time, but delete the underlying personal/sensitive data. 

Back-up and storage
  • Beware of keeping backups with actual names and email addresses!
    • anonymize before backing up and storing
    • ensure secure storage (encrypted if needed), etc. 
  • Create a structure with folders, events, for data controllers
  • Make sure that signed participant lists are not included in the project deliverables. You might need to keep signed documents for the financial audit of a project if the project requires this!