‘Personal data’ means any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
See also https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-personal-data which is in all EU languages.
– First PNO collects personal data foremost for business administration e.g. to keep contact and settle invoices with clients. The PNO Privacy Statement in combination with General Terms & Conditions covers the use on the basis of shared responsibility. On-demand by a client PNO assumes the role of Processor and the client offers PNO a Processing Agreement. PNO provides a standard fill-out form Processing Agreement.
– Third, PNO collects and processes personal data from and for consortia PNO participates in. Most consortia stipulate in (consortium) agreements and annexes. the role and rights of beneficiaries, third parties and participants, with respect to processing personal data within the consortium.
The PNO Controller role can be on Advice – Management support for clients under the banner of shared responsibility, on Compliance service by ffiqs certified by ISO 27001, delivering a SaaS service (will be worked on in 2020 / 2021) or as a Beneficiary EU consortium. Click on the links in this paragraph for a ‘GDPR road map’.