Summary

• Page properties (1 modified, 0 added, 0 removed)
• Attachments (0 modified, 0 added, 2 removed)
  • Fig3_20231012.jpg
  • image-20231121092250-1.png

Details

Page properties

Content

...	...	@@ -1,34 +1,30 @@
1		-== HDC/VRE onboarding ==
	1	+== H2 Headings Will Appear in Table of Content ==
2	2
3		-[[image:Fig3_20231012.jpg||style="float:left"]]
4	4
5		-//Figure 1. Steps to lawful processing of health data.//
	4	+Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
6	6
	6	+>This is a quote. You can add a quote by selecting some text and clicking the quote button in the editor.
7	7
8		-The Virtual Research Environment (vre; vre.charite.de) is the node of HDC at the Charité—Universitätsmedizin Berlin for collaborative processing of the special category of health data in compliance with the **European Union's General Data Protection Regulation (GDPR)**. According to GDPR the **special category of Health Data** includes all data pertaining to the health status of a data subject which reveal information relating to **the past, current or future physical or mental health status** of the data subject. Per Article 35(3)(b) of GDPR a **Data Protection Impact Assessment** is required in the case of processing on a large scale of special categories of data. Furthermore, per Article 37 GDPR, processing on a large scale of special categories of data require the controller and the processor to **designate a data protection officer (DPO) **that directly report to the highest management level of the controller or the processor**.** Furthermore, per Article 38 GDPR, **the controller and the processor shall ensure that the data protection officer is involved**, properly and in a timely manner, in all issues which relate to the protection of personal data. Importantly, Per Article 39 GDPR the DPO has the task to **inform and advise** the controller or the processor and the employees who carry out processing of their obligations pursuant to GDPR and other data protection provisions and to **monitor compliance** with GDPR **including the assignment of responsibilities**. Consequently, controllers must work closely with the Charité DPO and the DPOs of other participating institutions to prepare a comprehensive DPIA that addresses the risks and mitigations associated with processing health data. Consequently, **a final statement or vote of all involved DPOs on the prepared DPIA is required before VRE processing activities can commence**.
	8	+Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
9	9
10		-The DPIA documents are accessed from the Charité—Universitätsmedizin Berlin SharePoint. Access to this SharePoint requires for non-employees the **non-disclosure agreement **in the [[Drive of this Collab>>https://wiki.ebrains.eu/bin/view/Collabs/health-data-cloud/Drive]].
	10	+=== H3 Headings Will Appear In The Table of Content ===
11	11
	12	+==== You can also add images ====
12	12
13		-[[image:image-20231121092250-1.png]]
	14	+[[image:Collaboratory.Apps.Article.Code.ArticleSheet@placeholder.jpg]]
14	14
15		-//Figure 2. Externals need an NDA to access the DPIA template due to business secrets.//
	16	+Photo by David Clode
16	16
17		-As the general flow of processing operation inside the VRE is fixed to the existing tools and services, it was agreed with the DPO of Charité that **only deviations from the template** provided in the DPIA Report (file //DPIA_VRE_UseCase_Lesion2TVB_2023-09-15-EN.docx//) and Risk analysis (file //R1_Risk-analysis-for-DPIA-Neuroimage-processing-brain-simulation-within-the-Virtual-Research-Environment-(VRE)-2023-09-15.xlsx//) need to be **communicated to the Charité DPO**. This use case describes a typical processing operation that involves health data of stroke patients including Findings, Imaging Data and Clinical Test Results. In addition to the main DPIA Report and Risk analysis, the DPIA is supplemented by Annexes that describe the VRE Architecture, Authorization Concept, Risk Assessment, Terms and Policies and the VRE Data Protection Concept.
	18	+==== Or code ====
18	18
19		-To communicate changes in the DPIA Report and Risk analysis **only deviations from Use Case 1** specified in the template DPIA (//DPIA_VRE_UseCase_Lesion2TVB_2023-09-15-EN.docx)// need to be defined. The general steps of this use case include data upload to the Green Room; data minimization according and purpose limitation in Green Room; storage, organization, and controlled exposure in the Core Zone; processing with custom containerized workflows on VRE virtual machines or the VRE high-performance computer; transfer between VRE Green Room, Core Zone, JupyterHub, VM, and HPC. **Any deviation from this Use Case including transfers to and from other systems or processing on systems different from those specified in the VRE DPIA must be explicitly specified**. This includes any downloads and other forms of data exports from the VRE to other systems and processing of the data on other systems or any other networking activity with systems outside the VRE (including, for example, the sending of log files, or the integration with online repositories, etc.).
	20	+Code blocks can be added by using the code macro:
20	20
21		-To specify deviations please provide a dedicated PDF file and use the same format as used in the following chapters of the provided DPIA. It is mandatory to specify any deviations from the existing Use Case 1 regarding in particular
	22	+{{code language="python"}}
	23	+x = 1
	24	+if x == 1:
	25	+ # indented four spaces
	26	+ print("x is 1.")
	27	+{{/code}}
22	22
23		-* **the list of the names and contact details of controllers **(second page) **and processors** (chapter 4.1 “List of Processors”) according to Article 4(7) GDPR;
24		-* a **systematic description of the deviating processing activities** to those specifed in chapter 2
25		-* the **deviating processing steps** to those specified in chapter 2.2.2. "Use Case 1";
26		-* the **deviating IT Infrastructure, systems, and applications** to those specified in chapter 3, including changes to the network, infrastructure resources and hardware;
27		-* **deviating data flows** to those specified in chapter 3.3.1 and 3.3.2;
28		-* **deviating list of processors** to those specified in chapter 4.1;
29		-* **deviating transfers with third countries** to those specified in chapter 4.2;
30		-* **deviating recipients of the data** to those specified in chapter 5.3;
31		-* **deviating summary of risks** in chapter 8.1;
32		-* **deviating overall risk assessment** in chapter 8.2;
33		-* the **opinion of all Data Protection Officers** in chapters 9.1 and the **statements of the person(s) responsible for implementation** in chapter 9.2 on the revised and complete use case and processing activity;
34		-* **deviating risks and mitigation measures** to those specified in chapter 9.3 and the accompanying file //R1_Risk-analysis-for-DPIA-Neuroimage-processing-brain-simulation-within-the-Virtual-Research-Environment-(VRE)-2023-09-15.xlsx.//
	29	+(% class="wikigeneratedid" id="HH4Won27tAppearinToC" %)
	30	+

Fig3_20231012.jpg

Author

...	...	@@ -1,1 +1,0 @@
1		-XWiki.michaels

Size

...	...	@@ -1,1 +1,0 @@
1		-354.9 KB

Content

image-20231121092250-1.png

Author

...	...	@@ -1,1 +1,0 @@
1		-XWiki.michaels

Size

...	...	@@ -1,1 +1,0 @@
1		-121.7 KB

Content