GDPR and training
How to organize GDPR compliant online events
Date(s): 28 October 2020
The OpenAIRE Community of Practice for Training coordinators hosted this 1.5 hour-long webinar and collaborative writing sprint on organizing GDPR compliant online events.
Prodromos Tsiavos (Legal Adviser of "Athena" Research & Innovation Center and OpenAIRE) provided good practice advice and Walter Scholger (Zentrum für Informationsmodellierung, Austrian Centre for Digital Humanities, Universität Graz) talked about the Consent Form Wizard https://consent.dariah.eu/ followed by discussions on how to make sure that GDPR requirements are properly addressed and personal data is protected. It covered best practices for online event organisation, including pre- and post-event (registration, carrying out, evaluation, etc.). It also addressed the following aspects: how to inform correctly about a session recording and how to make the recordings available (e.g. with public chat messages, etc.), good practices on making collaborative documents (developed at online sessions) publicly available, issues to consider during large online events, how to optimize the online events workflows, whether national differences in Europe play a big role, etc. Plain language templates and checklists were discussed in breakout group writing sprints and will be shared with a wider training community.
The following good practice recommendations are being developed during the writing sprints:
- Before the event: Template/s: plain language wording for online registration forms (disclaimers, permissions, notice that consent could be withdrawn any time) and good practices for online events registration - e.g. a host organization manages registration on its website and has full control of data and a way to safely manage it, event access under password (not a direct link), etc. Moderator: Rene van Horik (DANS, EOSChub)
- During the event: Wording suggestions for recording announcements, disclaimers and permissions (e.g. what will be captured - video, webcam footage, audio, text chat messages and displayed username; inform participants on how to anonymize themselves - change names, blur video, etc; is the participant’s consent needed - in writing - accept and continue at registration or verbal expression is sufficient, etc.). Any other tips for running online events. Moderator: Ellen Leenarts (DANS, OpenAIRE)
- After the event: Template/plain language wording to deal with personal data in evaluation/feedback forms. GDPR friendly tools and checklists for making online session materials publicly available - recording, collaborative documents, etc. Checklists/workflows for keeping online events documentation, registration and recording: e.g. beware of not keeping backups with actual names and email addresses; anonymize before backing up and storing, secure storage (encrypted?), etc. Retention period: for how long the data could/should be kept and when it will be deleted, etc. Moderator: Iryna Kuchma (EIFL, OpenAIRE)