Evaluate the protection requirements of the data generated in your project and ensure that this data is adequately protected. For an initial rough overview, we divide the data into 3 categories:
- Data with no to low risk
- Data with limited risk
- Data with high risk
Examples
- Documents that are published anyway are harmless. As a rule, they contain little personal data apart from, for example, the names of authors or cited sources. From a data protection perspective, the risk here is low.
- Documents that contain the professional contact information of project participants and are only made available to the project team also pose a low risk.
- Contact lists containing participants' private or professional e-mail addresses are classified as at least a limited risk. In contrast, a document poses a high risk if it contains a contact list that includes not only the e-mail address but also private addresses and other personal information, such as date of birth or marital status.
- Data according to Article 9 of the GDPR, so-called "special categories of personal data", are particularly worthy of protection. These are data revealing "racial" and ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as genetic data, biometric data, health data or data concerning a person's sex life or sexual orientation. The processing of such data is considered highly critical and therefore poses a very high risk.
- Personal data relating to children also falls into the high risk category and requires special protection. Here too, extensive precautions must be taken to protect the data.
For a detailed analysis (a so-called "threshold value analysis"), we will refine the risk assessment later if necessary.
Task
Take the list you created in the previous step and assess the protection requirements of the documents based on the personal data they contain.
The document contains the following columns:
- Column 1: Document (e.g. contact list of the project team, project manual, final report, etc.)
- Column 2: Personal data contained (e.g. name, e-mail address, etc.)
- Column 3: Risk classification (low, limited or high)