Privacy & security

The EDT is hosted by an external independent and certified Dutch IT organization. To protect the personal data included in the EDT, the database meets the security requirements for IT services set by the Dutch government and complies with the new European privacy legislation, including the General Data Protection Regulation (GDPR).

Access to the database is strictly limited to researchers involved in the project.

Prior to data-entry, a confidentiality statement is signed by the participating organisations and researchers.

Furthermore, the involved researchers have the necessary authorization and security clearance for processing the judicial data from their own Member State.

Before the data-entry started a Privacy Impact Assessment (PIA) was carried out. In this document measures are described on how to deal with privacy and security issues. In this way the extent to which the data processing is compliant with GDPR and the EU Directive 2016/680 was clarified.

One of the safety measures employed in this project is the encryption of personal data by a Trusted Third Party. This means that personal data fields are not accessible or visible after having been entered. The database information can only be updated by means of a two-way encryption procedure, which allows the pseudonymized personal data to be decrypted from the database to request new (case) information about the concerned data subject if required.