Technical and Operational Measures

According to Art.32 GDPR — v2 — 04 Aug 2025

This document describes the technical and organizational measures implemented by the Joint Institute for VLBI ERIC (JIV-ERIC) to meet legal and contractual requirements when processing personal data.

The measures described in numbers 1 to 11 serve the purpose

The following measures apply to all data processing activities that are under control of the JIV-ERIC on its Jupyterhub environment. In situations where JIV-ERIC is the data controller and another organization is the data processor on behalf of JIV-ERIC, JIV-ERIC aims at ensuring that the technical and organizational measures implemented by the subcontracted processor equals at minimum the processing security level indicated by following measures. Please note: In federated service delivery scenarios, one or more data controllers and one or more subcontracted data processors may be entrusted with or involved in processing personal data.

(1) Access control

All access rights (both for access to IT systems and data) are assigned according to the principle that employees and third-party users are only granted the level of access they need to perform their activities (need-to-know principle). The access rights granted are reviewed regularly. Rights that are no longer required are withdrawn immediately. Access to networks and network services is restricted by technical and physical measures. Access to wireless corporate networks that allow access to personal data is protected by personalized authentication (PKI, IEEE 802.1X).

(2) Physical access control

The building in which JIV-ERIC is hosted is not publicly accessible. Access restrictions are enforced by a personalized access medium for staff, or through pre-reservation as a visitor with registered check-in/check-out at the front desk during office hours. The server running the Jupyterhub service is situated in the JIV-ERIC Data Centre server room, which has its own separate physical access control; only a minimum subset of staff have been granted physical access to the room. This subset includes JIV-ERIC Technical Operations staff and non-JIV-ERIC staff such as building-wide emergency response staff and a subset of building-wide ICT support staff who provide (emergency) ICT support.

(3) Logical access control to processing systems

All data processing systems are equipped with a secure authentication mechanism (X.509 certificate, passphrase-protected SSH keys, or password protection). For authentication on data processing systems (IT systems), secure passwords are used that have sufficient length, are robust against dictionary attacks, do not contain strings of consecutive letters or digits and are not based on facts that could easily be guessed by others. Passwords must be changed whenever there is an indication that the password has been compromised. A changed password must not match or contain a password that has been used in the past. Two-factor authentication is used for external access to the internal network. Documents that may contain confidential information must not be left open and unattended on desks or in other freely accessible storage areas.
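The password rules in measure (3) are concrete enough to be enforced at password-change time. The following is an added example of such a check, not code from the JIV-ERIC document; it encodes each rule from the paragraph (minimum length, no runs of consecutive letters or digits, no dictionary words, nothing based on easily guessed personal facts, no match with or containment of an earlier password). The minimum length of 14, the run length of 3 and the tiny word list are assumed values chosen for illustration, since the document states only the rules, not the parameters.

```python
from typing import Iterable, List

# Assumed parameters: the policy says "sufficient length" and "consecutive
# letters or digits" without numbers, so these are illustrative choices.
MIN_LENGTH = 14
MAX_SEQUENCE_RUN = 3   # "abc", "321" and longer runs are rejected

# Constructed stand-in for a real dictionary/blocklist; a production check
# would load a full word list (assumption, not part of the original policy).
DICTIONARY_WORDS = {"password", "welcome", "jupyter", "summer", "letmein", "vlbi"}

# Common character substitutions undone before the dictionary check, so that
# "P@ssw0rd" is still recognised as "password".
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def normalize(pw: str) -> str:
    """Lower-case and undo simple substitutions for dictionary matching."""
    return pw.lower().translate(LEET)


def has_sequential_run(pw: str, run: int = MAX_SEQUENCE_RUN) -> bool:
    """True if pw contains `run` letters or `run` digits that ascend or
    descend by exactly one code point, e.g. 'abc', 'CBA' or '789'."""
    s = pw.lower()
    for i in range(len(s) - run + 1):
        window = s[i:i + run]
        if not (window.isalpha() or window.isdigit()):
            continue  # mixed letter/digit windows are not a "string of consecutive" characters
        diffs = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if diffs == {1} or diffs == {-1}:
            return True
    return False


def check_password(candidate: str, username: str,
                   known_facts: Iterable[str], previous: Iterable[str]) -> List[str]:
    """Return the list of policy violations; an empty list means the password is acceptable.

    known_facts: strings an attacker could easily learn about the user (names, birth year, ...).
    previous:    earlier passwords in plain text, available only at change time (see note below).
    """
    problems: List[str] = []
    lowered = candidate.lower()

    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")

    if has_sequential_run(candidate):
        problems.append("contains a run of consecutive letters or digits")

    if any(word in normalize(candidate) for word in DICTIONARY_WORDS):
        problems.append("contains a dictionary word")

    facts = [f.lower() for f in (username, *known_facts) if len(f) >= 3]
    if any(f in lowered for f in facts):
        problems.append("based on easily guessed personal facts")

    # "must not match or contain a password that has been used in the past"
    if any(old and old.lower() in lowered for old in previous):
        problems.append("matches or contains a previously used password")

    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    user, facts = "jdoe", ["John", "Doe", "1987"]
    for pw, history in [
        ("P@ssw0rd2025!!", []),
        ("jdoe-abc-2025xyz!!", []),
        ("Correct-Horse-Battery-9x", ["Horse-Battery-9x"]),
        ("Correct-Horse-Staple-7q", ["Horse-Battery-9x"]),
    ]:
        print(pw, "->", check_password(pw, user, facts, history) or "OK")
```

The containment rule is the one that does not fit a hash-only password store: a hash cannot tell you whether the new password contains the old one. In practice the check is therefore run during the change operation, when the user supplies the current password in plain text, and only that one previous password (not the whole history) can be tested for containment; older entries can still be tested for exact reuse by comparing hashes.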

(4) User activity control

New employees are familiarized with the main regulations on information security and data privacy relevant to them at the start of their employment or assignment. User activities, including logon attempts to data processing systems (IT systems), are logged to the extent required. User accounts via which personal data can be accessed as part of processing activities must be personalized and must not be shared by more than one person. Configuration files are historized, backed up and checked regularly and as required.

(5) Segregation control

It is ensured that personal data collected for different purposes are not mixed in their processing. To this end, multi-tenant systems are used where necessary, or systems are physically or logically separated.

(6) Data carrier and mobile device control

The personal data are stored in an encrypted database, with only one process having access to the decrypted data. The database decryption key is not stored on the system; it must be supplied manually at system restart. The use of any type of private Internet/Cloud storage for the (temporary) storage of private data is prohibited. Confidential data will never be stored on private storage media or end devices. Personal data that are no longer required are deleted. Electronic storage media and paper documents that are no longer required will be disposed of, destroyed or made unusable in such a way that it is no longer possible to gain knowledge of the data stored or contained on them. All mobile devices used for business purposes are configured in such a way that they are protected by a query for a secret (e.g., PIN, pattern or biometric information) in the lock screen. The lock screen is automatically activated after a period of inactivity.

(7) Pseudonymization and anonymization

Measures for pseudonymization or anonymization of personal data are implemented to the extent necessary. Data in development environments used for testing purposes is anonymized or pseudonymized wherever possible. Data on the usage of websites that is evaluated to generate usage statistics is anonymized.

(8) Transfer and dissemination control

A firewall is in place. When personal data is transmitted via public communication networks, secure end-to-end encryption of the communication is ensured. When establishing secure connections (VPN tunnels) offering access to IT resources via public networks, two-factor authentication is used as a matter of principle. Paper printouts and exports of confidential data from their source system are avoided whenever possible. Hard copies and electronic exports of confidential information leaving the business premises are handled with special care, taking into account the relevant confidentiality level, with the aim of preventing disclosure, loss and unauthorized copying. As soon as a paper printout is no longer required, it is destroyed. Electronic data exports that are no longer required are deleted from the respective storage location and from any transport data carrier used.

(9) Recoverability

Data backups of databases and operating system images are taken to the extent required and with the aim of preventing the loss of personal data in the event of a technical malfunction or human error. Backups are performed for drives and servers in productive operation, and each backup run is recorded (logged) and monitored. The recovery of data backups is tested.

(10) Job control and subcontracting

The selection of subcontractors is carried out with the objective of ensuring that there is no increased risk to compliance with data protection objectives. Depending on their role and the scope of their access to confidential or personal data, subcontractors must, among other things, acknowledge and comply with regulations on secrecy/confidentiality as well as data protection (e.g., a confidentiality/non-disclosure agreement), and with an information security policy for suppliers. In the case of security-critical subcontractors, service providers or suppliers, the following reporting and audit requirements are implemented: evaluation of contractually agreed reports (e.g., security events/incidents, availability statistics) as well as supplier audits using a self-assessment questionnaire, with an additional on-site inspection as necessary.

(11) Review, assessment and evaluation

Information on potential technical vulnerabilities or errors in data processing systems (IT systems) is evaluated at regular intervals and appropriate measures are initiated. Critical patches are deployed for both the operating systems and the software applications in use. Data processing systems (IT systems) are checked regularly, to the extent required and after changes, to ensure that they are functioning properly.