Guidance on the protection of personal data of persons of concern to UNHCR

Summary

The “Guidance on the Protection of Personal Data of Persons of Concern” assists UNHCR personnel in applying the Data Protection Policy (DPP) adopted in May 2015. It elaborates on principles, concepts, and procedures to facilitate implementation, addressing requests from the field and auditors.

This Guidance applies to all personal data processing related to persons of concern to UNHCR, including refugees, asylum-seekers, and internally displaced persons. It is relevant for data controllers, protection focal points, and data processors within UNHCR.

Key terms and definitions include aggregate data, anonymization, assent, consent, data controllers and processors, data protection focal points and officers, and personal data breaches. It emphasizes concepts like data minimization, pseudonymization, and subject access requests.

The document follows the structure of the Data Protection Policy, elaborating on principles such as legitimate and fair processing, data subject rights, data security, and accountability. It also covers important concepts like personal data, data breaches, impact assessments, and data transfers, highlighting their importance and the close link between the Guidance and the mandatory Policy.