Confidentiality and data security in HE projects

Confidentiality refers to limiting the scope of audience to specific types or pieces of information – its purpose is to protect data from being misused. Misuse of data can have various consequences in terms of security, reputation and compromising implementation, which affects HE projects directly. Legal protection is paramount in keeping project data safe which is mirrored in the obligations set forth by the Grant Agreement Let us have a look at them.

First and foremost, how do we know what information should be kept confidential?

The Grant Agreement contains an article specifically dedicated to Confidentiality and Security (Article 13) which includes identical provisions for every beneficiary. Article 13 differentiates between two main categories of information: sensitive and classified.

Sensitive information

“Any data, documents, or material (in any form) that is identified as such in writing (…)” is considered sensitive information under the Grant Agreement. For example, at the Grant Agreement Preparation stage, beneficiaries define the dissemination level of their deliverables in consultation with the European Commission. Wherever deemed necessary, the dissemination level may be set at sensitive.

The identification of sensitive information is a crucial step, as it brings the data under the protection of the Grant Agreement. Both the beneficiary and the European Commission are bound to keep sensitive information confidential for a period uniquely defined for each project. Disclosure is tied to specific conditions.

Classified information

Classified information, our second category, refers to information protected by European Union, international or national law. When a project includes classified information, beneficiaries may need to obtain authorisations enabling them to implement the project.

Responsibility to assess these obligations is with the beneficiaries themselves. The Annotated Grant Agreement clearly states that the beneficiaries are responsible for making sure that they obtain all necessary authorisations and that national or third country requirements do not restrict the implementation of their project.

Restrictions are underpinned by HE rules as well as they prohibit disclosure to any third parties, including  the participants involved in the project implementation. This applies unless the European Commission gives written authorisation. Furthermore, in case a deliverable contains classified information, specific procedures must be followed for its submission.

Never forget protecting personal data

Last but not least, beneficiaries must ensure that the personal data they process in relation with their project is compliant with the applicable legislation. Article 15 of the Grant Agreement outlines specific actions for the beneficiaries to meet this requirement.

Innovation projects are complex to begin with, and ensuring that the vast amount of information is categorised and handled in an efficient and compliant manner is nothing short of challenging. Creating a sound strategy and finding the right dissemination level for your deliverables at the Grant Agreement Preparation stage can save you a lot of time. Updating dissemination levels after signature requites an official amendment to the Agreement.

We are available to guide you in creating policies that will make your life easier and your data safe. Do not hesitate to contact us at