Processing personal data on JSC's infrastructure

The processing of personal data (i.e. individual information relating to the personal or material circumstances of an identified or identifiable natural person) is generally possible on JSC’s HPC infrastructure. Prerequisite for this is compliance with the General Data Protection Regulation (GDPR). For principal investigators (PIs) and users planning to process personal data on JSC’s infrastructure it is mandatory to ensure this compliance – preferably already before a project application is filed, in order to avoid delays in the start of the project.

Assessment of GDPR compliance

To support PIs and users in planning their projects in compliance with the GDPR, JSC has established a Data Protection Team (DPT). The DPT assesses the proposed use of personal data and evaluates whether all requirements for processing the data at JSC are met. If necessary, it will jointly agree with the PI/users on appropriate measures to protect this data. Then an addendum to JSC’s general terms of usage containing this agreement has to be signed by the PI/users before the project starts.

For the assessment by the DPT, please fill out the form below and press the submit button. In case you have any question concerning this form or concerning processing personal data at JSC in general, please do not hesitate to contact the DPT ( All fields marked with a red dot are required.

Please briefly describe your (planned) access to the JSC infrastructure resources. In case you have already a computing time or data project, please specify the project acronym and the PI of the project.

Please describe briefly what data and information is to be used/processed.

Data that directly or indirectly reveal or enable a reference to a person are fully subject to the applicable data protection law. This also applies to pseudonymized data. Only anonymous data, for which no personal reference can be established by anybody, are exempt and can be processed without restrictions.

The origin of the data is essential for the legal classification and approval of the application. If the applicant (or the applying institution) has collected the personal data directly from the data subject, the responsibility for a data protection-compliant use lies entirely with the applicant and must be confirmed by the responsible Data Protection Officer. Should the data have been collected by third parties (institutions, projects, data traders) and made available to the applicant, a Data Usage Agreement regulates possible further use. Confirm that this is the case.

The data controller must ensure data protection compliance and be able to demonstrate this in terms of accountability. A confirmation by the data protection officer (of compliance with the principles of data protection law such as legal basis, consent of the data subjects, duty to inform, etc.) of the applying institution enables the application to be approved. (for individuals, support from the Data Protection Mgmt Team is possible, if required).

If the data is received by a third party, the third party is responsible for the data within the meaning of data protection law and regulates the disclosure/transfer of the data contractually or by means of an agreement. Confirm that the processing described in the application is possible.

Last Modified: 09.06.2022