Consider the processing of personal data in your project and evaluate it.

• Are the security measures sufficient? Are they appropriate for the level of data protection? 
  
• Do you need to inform individual data subjects about the processing of their data or obtain their consent? 

Ultimately, you must decide for yourself whether the risk of using a particular service is acceptable for the intended purpose and whether further security regulations may need to be adopted.

If you are unsure, get support from your organisation or partner organisations. Data protection officers and IT departments are particularly helpful in these considerations, as are specialist departments that have a good overview of the type of data involved, such as HR departments, accounting, course organisers, etc.

Tip

If in doubt, document your considerations and decisions. In the event of a data protection incident or an inspection by a data protection authority, you can prove that you have dealt with the risks.