Navigation path

Additional tools

DPO-1946.6 GENERIC NOTIFICATION OF ICT INFRASTRUCTURE AT THE JRC

Directorate-General: Joint Research Centre

Controller: BIERLAIRE Philippe

Publication: 2017-02-07

Processing

1. Name of the processing

GENERIC NOTIFICATION OF ICT INFRASTRUCTURE AT THE JRC

2. Description

DG JRC provides a modern and high -performance ICT infrastructure for the JRC administrative systems and for the JRC scientific systems. The JRC network services are organised in the following ways:
- the inter-site network is organised centrally by the Informatics, Networks, Library Unit (INLU)
- the site specific local networks are managed in each site whilst adhering to common standards. The NET1 platforms and data are managed by each site
- the Ispra Data Centre covers systems to support JRC corporate data and applications and some scientific applications
- all other scientific systems are managed by the JRC Institutes.

Personal data may be processed:
- in user directories (see notification “Identity Management Services” DPO-839 to provide user authentication, access control and authorisation facilities for Commission information systems and infrastructure services),
- in log files when accessing servers or databases (see notification “Log files of DIGIT operational environment” DPO-834)
- and in many information systems (see the relevant notifications).

Most specific notifications of JRC systems and applications refer to the present notification, mainly for the standard security aspects provided. This means that the present notification is not a typical notification and the replies to most questions show that it does not describe processing of personal data. It is meant to serve as a framework for all systems running on the JRC ICT infrastructure.

3. Sub-Contractors

n/a

4. Automated / Manual operations

DIGIT C manages the accounts required to administer the Commission wide IT infrastructure and network. For the JRC this also includes the NET1 domain controllers and ECAS authentication system that are used in all the JRC sites. The IT support services in each JRC site manage the accounts required to administer their respective IT infrastructure and network. These accounts are used by system administrators for configuration and change management purposes.
Backup copies of files and databases are taken at regular intervals and are only used for restore purposes under the control of the respective data owners. Personnel have been instructed to handle backup media as black boxes and to restore their contents to an area where the data owner has complete control over which individual items to restore.
See also notifications of individual information systems processing personal data.

5. Storage

Digital storage media like hard disks and long-term backup media.

6. Comments

Purpose & legal basis

7. Purposes

Make available an efficient and secure ICT infrastructure to JRC for its operation and research activities, including those processing personal data. Access to personal data is done only when necessary for trouble shooting, analysis of performance problems, general user support, when validating the performance of contractual conformity and for performance and capacity management.

8. Legal basis / Lawfulness

EU Treaties, e-Commission communication.

Lawfulness is based on Article 5(a) of the Regulation.

Data subjects / fields

9. Data subjects

Any person, whose personal data have been collected and are processed by information systems that use the JRC ICT infrastructure.

10. Data fields

See the declared data fields in the respective notifications.
The present one serves as a framework for all systems that use the underlying JRC ICT infrastructure.

Rights of D.S.

11. Information

See Staff Notice 45/2006 on “Acceptable use of the Commission ICT services (PC equipment, e-mail and Internet access systems, telephone, fax and mobile phones)”.

Refer to the privacy statements in the notifications that refer to the present notification.

For information to JRC IT professionals, see the 1st document attached "Compliance with the Data Protection Regulation of Statutory Personnel who administer ICT systems in DG JRC" by the IRM and see the JRC Intranet web page on "Personal Data Protection".

12. Procedure to grant rights

Refer to the privacy statements in the notifications that refer to the present notification.

13. Retention

Will be defined in the respective notifications.

14. Time limit

Will be defined in the respective notifications.

15. Historical purposes

Will be defined in the respective notifications.

Recipients

16. Recipients

ICT system administrators including database administrators, network and security managers.
Data will be accessible to IT system administrators of JRC, and to IT Service Providers that resolve technical problems. The IT Service Providers operate under the framework of service contracts and have signed a nondisclosure and confidentiality agreement. All JRC IT staff have been informed on their duties in the data protection area (see 1st document attached on “Compliance with the Data Protection Regulation of DG JRC statutory personnel processing personal data”.

17. Transfer

Will be defined in the respective notifications.