Personal Data Protection

As a public institution, EPFL aims at being an exemplary organisation. Transparency is a core EPFL value and we are committed to building strong and sustainable relationships with our stakeholders.

General

EPFL processes a large quantity of personal data and attributes great importance to data protection and to privacy. We know that when a third party entrusts personal data to us, it is relying on us.

This section will help you to find the main information about personal data protection, such as definitions, key principles or rights you can exercise as natural person

Definitions

Some general definitions about personnal data, data controller, data processor, etc.

Main Principles to keep in mind

What is important when processing personal data is to keep in mind the fundamental principles of the law.

Rights of the Individual

One fundamental right of the Data Protection Laws (FADP and GDPR) is the access right.

EPFL’s obligation

EPFL processes a large amount of personal data and attributes great importance to data protection.

Training

Training staff on data protection is one of the DPO’s key activities.

In practice

In this section you’ll find some concrete examples and best practices adapted to EPFL.

Privacy in research

The Guidelines for research involving personal data.

• Data anonymization
• Examples and real cases of data processing

Privacy in lab/unit administration

You will find various examples that you may face, as well as best practices to adopt.

Other sections

Data Protection Officer

In this page you will understand the role of the Data Protection Officer (DPO) at EPFL

Laws and Regulations

• FADP and GPDR
• Human Research Act (HRA)
• Official Secrecy