Privacy Statement

Privacy statement for ENISA expert groups

Why do we collect the data?

ENISA collects data from people applying for membership to its Expert Groups in order to manage the selection process. Due to the limited number of expert group members, a candidate selection process takes place based on each applicant’s expertise and background. Basic data about selected Expert Group members including contact information is maintained in order to facilitate the creation and management of mailing lists and information exchange among expert group members.

Data of unsuccessful applicants is deleted upon finalization of the selection process while data of selected group members and alternate members is maintained for the duration of the individual membership or the existence of the group, whichever comes first. No data from the evaluation process is stored.

As part of the Expert Group activities, members may be asked to provide their views and opinions on ENISA products or relevant NIS topics on a voluntary basis. ENISA collects this feedback to validate its products and such feedback is processed under Chatham House rules.

All personal data shall be processed in accordance with Regulation 2018/17252 on the protection of personal data by EU institutions and bodies.

What kind of personal data do we collect?

We collect data that is required for the selection of candidates and the maintenance of the Expert Group member list and for receiving expert input on ENISA products or relevant NIS topics. Such data includes:

Mandatory: first name, last name, organization that is represented, title/position, e-mail address, CVs (for the candidate selection process or for selected group members).

Optional: Opinions/feedback in the form of written/verbal comments or via forms.

Which technical means do we use to process the data?

All the data are stored in a database on a server with individual access rights via a browser. All access to your data, whether to create, consult or update entries, is via a secure Internet protocol (SSL/https).

Access to the group pages/online resources is restricted to group members with valid access credentials.

How can you access and alter your data

The Expert Group members have direct access to view their data.
Rectification and deletion of data is possible through the ENISA Expert Group administrator (and/or functional mailbox) following a request.

Who has access to your data?

The following categories will, by default, have access to your data:

  • ENISA group administrators have full access to the information;
  • Expert group members have access to names, titles, affiliations and emails of other active group members.

How long do we keep your data?

  • Names, affiliation, contact details and CVs of group members are kept as long as Expert Group formally exists or for the duration of individual membership in the expert group and an additional 6 years for audit purposes;
  • CVs of candidates not selected as members are kept for up to 5 years as per ENISA’s policy for recruitment.
  • Opinions and feedback on ENISA products are kept for a period of 6 years for auditing purposes after the finalization of the respective product(s)

Which security measures are in place against misuse or unauthorised access?

The information system is protected against unauthorised use. Access to the group pages/online resources is restricted to group members with valid access credentials. Security of processing is guaranteed similar to what applies for the ENISA website. Users within ENISA are given access rights corresponding to the requirements of their job and only to the data relevant for their purposes.

Whom to contact?

The ENISA's Data Protection Officer E-mail address :
You have the right of recourse at any time to the European Data Protection Supervisor: .