Individuals Part of Datasets Withdrawing Their Consent for Data
Detailed Description
Receipt of Withdrawal of Consent
1.1. Receipt of a written or electronic notification of withdrawal of consent
1.2. The DPO (Data protection Officer) confirms the identity of the data subject
1.3. The DPO registers the withdrawal of consent in the Data management system of the GDI node.
Data Identification
2.1. The data manager identifies all data records associated with the data subject.
2.2. Data may be identified through unique identifiers (e.g., ID number, email address) or other relevant criteria.
Data Removal
3.1. The data manager securely deletes the identified data from the data repository
3.2. Data deletion methods should be in accordance with the organization’s data retention policy and applicable data protection regulations.
3.3. If complete deletion is not possible or desirable, data may be anonymized or pseudonymized to remove any personal identifiers.
Documentation
4.1. The data manager documents the data removal process, including:
4.1.1. Date of receipt of the withdrawal of consent
4.1.2. Data subject’s identification information
4.1.3. Data sets affected
4.1.4. Methods used for data identification and removal
4.1.5. Confirmation of data deletion or anonymization
Incident Management
5.1 In case of accidental data retention or unauthorized access to data after withdrawal of consent, an incident response plan should be activated.
Notification
6.1 The DPO informs the data subject of the completion of the data removal process, as required by applicable regulations.
EU operation level
7.1 GDI data aggregator should be informed with no delay of the removal of the data / dataset id to be remove from search applications
Motivation
To Comply with data protection regulations in term of data sharing for individuals
Existing Procedures or References
No response
Impact
No response
Stakeholders
1+MG Management Board
Data protection Officer
Data management team
Node administrators
Node management team
IT security team
Additional Information
No response
Requester GDI role
Yes
Requester GDI Node
No response
Confirmation
[X] I have searched the existing SOPs and this request does not duplicate an existing SOP.
[X] I understand that submitting this request does not guarantee the creation of the SOP.
SOP topics
Data & metadata management
SOP type
Node-specific
SOP Title
Individuals Part of Datasets Withdrawing Their Consent for Data
Detailed Description
Receipt of Withdrawal of Consent 1.1. Receipt of a written or electronic notification of withdrawal of consent 1.2. The DPO (Data protection Officer) confirms the identity of the data subject 1.3. The DPO registers the withdrawal of consent in the Data management system of the GDI node.
Data Identification 2.1. The data manager identifies all data records associated with the data subject. 2.2. Data may be identified through unique identifiers (e.g., ID number, email address) or other relevant criteria.
Data Removal 3.1. The data manager securely deletes the identified data from the data repository 3.2. Data deletion methods should be in accordance with the organization’s data retention policy and applicable data protection regulations. 3.3. If complete deletion is not possible or desirable, data may be anonymized or pseudonymized to remove any personal identifiers.
Documentation 4.1. The data manager documents the data removal process, including: 4.1.1. Date of receipt of the withdrawal of consent 4.1.2. Data subject’s identification information 4.1.3. Data sets affected 4.1.4. Methods used for data identification and removal 4.1.5. Confirmation of data deletion or anonymization
Incident Management 5.1 In case of accidental data retention or unauthorized access to data after withdrawal of consent, an incident response plan should be activated.
Notification 6.1 The DPO informs the data subject of the completion of the data removal process, as required by applicable regulations.
EU operation level 7.1 GDI data aggregator should be informed with no delay of the removal of the data / dataset id to be remove from search applications
Motivation
To Comply with data protection regulations in term of data sharing for individuals
Existing Procedures or References
No response
Impact
No response
Stakeholders
Additional Information
No response
Requester GDI role
Yes
Requester GDI Node
No response
Confirmation