Ensuring data protection standards are adhered to is essential throughout the CBI project cycle. Data should be managed in accordance with IN/138 IOM Data Protection Principles and the IOM Data Protection Manual. It is highlighted throughout the manual when data protection should be considered.
Please note that at the data collection stage, a data mapping exercise should take place so that colleagues in charge of the data flow can visualize the personal data cycle throughout the project in order to ensure it is adequately managed and protected.
Overall, the following steps should be undertaken for data protection:
- Undertake a data mapping exercise.
- It is advised to conduct a risk assessment for any collection or sharing of personal data.
- Adherence to the Data Protection Principles – IN/138.
- Train staff carrying out assessment or registration to ensure confidentiality and data protection.
- Guidance from the IOM Data Protection Manual.
- Advice requested from leg@iom.int (e.g., areas for which advice may be requested may include obtaining consent from beneficiaries or signing data sharing agreements with third parties).
It is highly important to ensure consent of beneficiaries. Please contact LEG (legcontracts@iom.int) for more information on how consent may be collected and recorded and requirements to follow when consent is recorded electronically, when using biometrics to signify consent or to authenticate identity or when the beneficiary provided with the assistance is a minor.
Additionally, when working with service providers and implementing partners, it is essential to include IOM data protection principles in the contract.