The policy, overseen by the Data Protection Officer, applies in tandem with the information system security policy and the open science policy and is fully part of the institution’s system of governance of scientific data.
Who does the GDPR policy apply to?
This policy applies to all parties (staff, partners, stakeholders, etc.) who provide information of any kind. All of the Institute’s employees are subject to it.
Furthermore, it also applies to any person with whom INRAE works or who acts on behalf of INRAE and who may require occasional access to personal data.
INRAE has just finalised an e-training course to help staff learn all the ins and outs of the GDPR. Five modules are offered, in French and English, including a practical application and a module on risks and sanctions.
The Data Protection Officer regularly offers additional awareness-raising activities. More resources and tools are available to staff on the intranet, including help choosing required GDPR formalities.