Conference / Meeting

The protection of personal data in the context of research - Training

24 November 2022
25 November 2022
Start time 
9:00 am
Directorate of Research Services and Valorization in collaboration with the Privacy Office
Target audience: 
Reserved meeting
Reservation required
Registration deadline: 
22 November 2022, 23:59

24 November 2022

Where: Conference Room 2R - Mesiano
The meeting is reserved for members of the Povo-Mesiano departments and centres

25 November 2022

Where: Aula Kessler, via Verdi 26 -Trento
The meeting is reserved for members of the departments and centres located in Trento

The objective of this training sessions is to provide an in-depth overview of the principles and content of the legislation in force in the field of data protection, the obligations it entails, and the security measures that must be adopted in relation to the research work conducted in different disciplinary areas.

The course is divided into two parts:

  • in the first part, the speakers will provide general information on the legal framework and more specific details for the different research areas;
  • in the second part, the speakers examine a number of real research projects and the University's forms and documents.


  • Stefano Aterno – Data Protection Officer (DPO)
  • Simone Franca – research fellow of the Faculty of Law


Part 1:

The regulatory framework on the protection of personal data:

  • General Data Protection Regulation (GDPR)
  • Legislative Decree 196/2003 (as amended) (Privacy Code)
  • Rules of ethics for the processing of data for statistical or research purposes
  • Requirements of the Italian Data Protection Authority on the processing of personal and genetic data for research purposes

Roles, appointments and responsibilities of the parties in research projects:

  • Data Controllers/Data Processors/Authorised staff
  • Communication of data to partners in EU countries
  • Transfer of data to partners in non-EU countries

Risk assessment and security measures:

  • Risk analysis and data protection impact assessment
  • Pseudonymisation, encryption, backup and other measures
  • Anonymization, pseudonymization and hashing

Data breach and audit:

  • Definition of personal data breach
  • Case studies (human factor, ransomware, phishing, Trojan horses, viruses, spam and malware)
  • Controls by the Data Protection Officer (DPO) of the University and third parties
  • Controls by the Italian Data Protection Authority.

Part 2:

Overview of practical cases.

An introduction to the University's organisational model:

  • The University Data Protection Regulation and Privacy Organization Chart
  • Privacy requirements for project coordinators, as Data Processors, and guidelines on data protection (Project Privacy form, Information on the processing of personal data for research purposes; Instructions for data subjects; processing register)
  • Overview of the University forms and the privacy legislation and research page on the University website
  • University Guidelines for the Protection of Personal Data in the Field of Research
  • Supporting bodies and offices: Data Protection Committee, Data Protection Officer, Privacy Office, Privacy Compliance Office, Research Ethics and Integrity Office; Specialist Privacy Group.