D7.4 Data life cycle management policy (Preliminary)

This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 768619

The RESPOND Consortium 2019

Integrated Demand REsponse SOlution Towards Energy POsitive NeighbourhooDs

WP 7: Dissemination and exploitation activities

T 7.3: Data life cycle management

Ref. Ares(2019)2262123 - 29/03/2019



PROJECT ACRONYM: RESPOND

DOCUMENT: D7.4 Data life cycle management policy (Preliminary)

TYPE (DISTRIBUTION LEVEL): ☐ Public ☐ Confidential ☐ Restricted

DELIVERY DUE DATE: 31/03/2019

DATE OF DELIVERY: 29/03/2019

STATUS AND VERSION: v1.0

DELIVERABLE RESPONSIBLE: FEN

AUTHOR(S): Rodrigo Lopez, Agustina Yara, Jaime Rico, Antonio Colino (FEN); Iker Esnaola, Francisco Javier Diez (TEK); Lisbet Stryhn Rasmussen (AURA); Toke Haunstrup Christensen (AAU); Federico Seri (NUIG); Lazar Berbakov, Nikola Tomasevic (IMP)

OFFICIAL REVIEWER(S): Lazar Berbakov, Nikola Tomasevic (IMP)


DOCUMENT HISTORY

ISSUE DATE CONTENT AND CHANGES

v0.1 04/02/2019 First version

v0.2 18/03/2019 FEN first contributions

v0.3 25/03/2019 DEXMA, IMP, NUIG, TEK, contributions

v0.4 27/03/2019 FEN further contributions

v0.5 28/03/2019 AURA contributions

v0.6 29/03/2019 Internal review by IMP

v1.0 29/03/2019 Final version


EXECUTIVE SUMMARY

This deliverable addresses data management during the project lifetime, not only from the ICT point of view but also from that of data protection policies, which are currently becoming more and more relevant for users. They are also very important for the European Commission: the H2020 funding framework encourages projects to deal with this issue by following a set of recommendations and even by taking part in a Pilot on Open Research Data that encourages the development of Data Management Plans.

Although the RESPOND project is not taking part in this pilot and is therefore not bound by its deadlines, the consortium intends to elaborate a Data Management Plan to ensure at all times that the data collected during the pilot tests are kept safe and confidential.

Moreover, this document discusses national policies on data protection and the new common European law known as GDPR, and their implementation in this project.


TABLE OF CONTENTS

1. Introduction
2. Data Types
2.1 Sensitive data
2.2 Non-sensitive data
3. Pilot countries policies
3.1 Ireland
3.2 Denmark
3.3 Spain
4. EU policies
4.1 Rights
4.2 Data Protection Impact Assessment
4.3 National legislations
5. RESPOND GDPR approach
5.1 Objectives, pilots and participants
5.2 Treatment of personal data
5.2.1 Data Life Cycle
5.2.2 Treatment activities registry
5.2.3 Risks analysis
5.2.4 Security measures
5.3 Authorization model of personal data
5.4 Additional information
6. ICT security measures
6.1 Back-end infrastructure
6.2 Desktop front-end
6.3 Mobile App
7. Other entities recommendations
7.1 Open Access
7.2 Research data
8. Data life cycle management
8.1 Aran Island pilot site
8.2 Aarhus pilot site
8.3 Madrid pilot site
8.4 RESPOND as a whole DMP
8.4.1 Classification of data availability
8.4.2 Copyrights licenses
8.4.3 Data storage and sharing
8.4.4 Datasets template
8.4.5 Project datasets
9. Conclusions


LIST OF FIGURES

Figure 1: Research data life cycle. Source: http://www.data-archive.ac.uk/create-manage/life-cycle
Figure 2: Schema of data process within the project
Figure 3: RESPOND solution back-end infrastructure
Figure 4: DEXMA front-end additional information 1
Figure 5: DEXMA front-end additional information 2
Figure 6: Mobile app security schema
Figure 7: Open access to scientific publication and research data
Figure 8: FAIR data diagram
Figure 9: Research data life cycle. Source: http://www.data-archive.ac.uk/create-manage/life-cycle


LIST OF TABLES

Table 1: Digital rights in Spain
Table 2: Differences between Directive and Regulation
Table 3: National legislations data protection that transposed EU Data Protection Directive 95/46EC
Table 4: Project's GDPR legal information
Table 5: Risk analysis
Table 6: DEXCell API design security items
Table 7: DEXCell general security items
Table 8: DEXCell data management & protection security items
Table 9: DEXCell backup, recovery & availability security items
Table 10: Aran Island pilot data management summary
Table 11: Aarhus pilot data management summary
Table 12: Madrid pilot data management summary
Table 13: Datasets template


ABBREVIATIONS AND ACRONYMS

API Application Program Interface

ASNEF Defaulters file in Spain

CA Certificate Authority

DCC Digital Curation Centre

DMP Data Management Plan

DMZ Demilitarized Zone

DPD Data Protection Delegate

EC European Commission

EU European Union

FTP File Transfer Protocol

GDPR General Data Protection Regulation

HTML Hypertext Markup Language

IADP Impact Assessment on Data Protection

ICT Information and Communication Technologies

IP Internet Protocol

NDA Non-Disclosure Agreement

OA Open Access

OS Operative System

PKI Public Key Infrastructure

REST Representational State Transfer

RRI Responsible Research and Innovation

SSL/TLS Secure Sockets Layer /Transport Layer Security


1. INTRODUCTION

The Horizon 2020 framework programme focuses, as a novelty, on data management, for instance by encouraging the use of Data Management Plans (DMPs). These plans detail what data the project will generate, when and how it will be made accessible for re-use, verification and exploitation, along with the measures to be implemented in order to preserve the information safely.

Furthermore, the EU has launched the Pilot on Open Research Data in Horizon 2020 that, on a voluntary basis, aims to improve and maximize access to and re-use of research data generated by the funded projects. Taking part in this pilot makes it mandatory to formulate a Data Management Plan.

Although the RESPOND project is fully aware of the key importance of handling data properly and preserving data protection and participants' privacy at all times, this project is not taking part in the Pilot on Open Research Data in Horizon 2020. However, RESPOND will follow the EU DMP template to show how the project consortium intends to manage the data life cycle.

It is also important to note that this deliverable is a preliminary version of the data life cycle management policy encompassed within task T7.3 Data life cycle management, which started in month M13 and finishes at the end of the project (M36). Although the majority of the sections of the deliverable have already been successfully addressed, some parts are still pending, in order to collect the improvements performed during the second half of the project lifetime.

This deliverable covers both sensitive personal data protection on the one hand and the ICT protection point of view on the other. Nevertheless, this second part will be fully addressed in deliverable D5.5 Data protection and security, whose task starts, according to the Gantt chart, in month M19, although, of course, the ICT security measures have already been designed and implemented to protect the information from the very first day. For that reason, this deliverable includes a section with the implementations done in that field so far.

Nowadays the concern for safeguarding personal data is becoming more and more important because of the increased value of the data, motivated by the new exploitation possibilities among other factors. For that reason, some initiatives have been set up in recent years, like the Big Data Value Public Private Partnership, whose Task force 5: Legal 6 Policy has produced valuable recommendations to create an adequate data treatment framework without invading pilot participants' privacy, along with the use of Data Management Plans (DMPs) encouraged by the European Commission in Horizon 2020 projects as stated above.


Figure 1: Research data life cycle. Source: http://www.data-archive.ac.uk/create-manage/life-cycle

Across this deliverable, in addition to the already introduced sections on GDPR issues and ICT security measures, the data types used during the project (split into sensitive and non-sensitive data) are described, together with the data protection policies in the three countries involved, namely Ireland, Denmark and Spain, and the common EU policy in this matter. Furthermore, some recommendations are explained ahead of the project’s DMP and its pilot-specific peculiarities.


2. DATA TYPES

First of all, it is important to set apart the two different types of data that the project is managing. On the one hand, there is sensitive data, understood as personal data that is confidential and must respect participants’ privacy. On the other hand, there is non-sensitive data, such as energy consumption or comfort parameters, that is not directly related to personal information.

Both types must remain safe at all times, with a special focus on preserving the sensitive information at all costs.

2.1 SENSITIVE DATA

As explained before, this type of data encompasses the following categories according to the European Commission¹:

▪ Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs;

▪ Trade-union membership;

▪ Genetic data, biometric data processed solely to identify a human being;

▪ Health-related data;

▪ Data concerning a person’s sex life or sexual orientation.

Based on that definition, no sensitive data will be stored, analyzed or processed in the backend infrastructure of the project, as explained in the next section.

Regarding the front-end visualization tool used by the project, there is no personal data (also known as “personally identifiable information”) involved in the energy management datasets that DEXMA collects, processes, analyses and provides through its products and services. The data received and processed are datasets related to the energy consumption of buildings, designed in such a manner that no individual (data subject) is either identified or identifiable, i.e., the data that DEXMA holds, analyses and makes available to its clients and partners through the DEXCell Energy Manager platform and through its professional services and other products does not relate to individuals, nor does it allow DEXMA or any partners and clients to identify any individuals.

2.2 NON-SENSITIVE DATA

Non-sensitive data encompasses all the data not included in the previous category.

All data stored and processed in the RESPOND backend infrastructure can be considered non-sensitive, as the only personal information, such as names, addresses, phone and email contact details, will be known only by the Pilot responsible for engagement purposes and will not be shared with the rest of the partners. Only the information related to the semantic model (locations) will be shared for the correct performance of the project, but always in an anonymized way, as explained in section 8 of this deliverable.

1 https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations/legal-grounds-processing-data/sensitive-data/what-personal-data-considered-sensitive_en

Some examples of this non-sensitive information are data collected from pilot sites about household energy consumption, energy production, room occupancy, status of windows and doors (open/closed), and other monitored data such as temperature and air quality. Also included is the data collected from external services (weather information, energy pricing schemes, etc.), as well as outputs of different services, which are not related to a specific user.

Regarding the use of non-sensitive data in the project’s front-end, participants agree to transfer their energy-related data when they agree to DEXCell’s Terms of Use. This is information regarding building metadata (address, building surface, etc.) and information sent by the meters and sensors (energy consumption, temperature, humidity, etc.). Also, data is collected in DEXCell via external API requests, such as meteorological information (both real-time and forecast). The whole list of parameters can be found here:

https://docs.google.com/spreadsheets/d/1W97Yv9UWR9iwmXzknxSQSiIzjt4capmWuaZsAwNJD0g/pub?hl=en&hl=en&single=true&gid=0&output=html.


3. PILOT COUNTRIES POLICIES

The following sections do not claim to be a complete repository of local policies. Rather, they aim to present a brief overview of the situation in each pilot, specifically focused on the main points relevant to this project. The whole legislation can be consulted locally if more depth is needed, but it is outside the scope of this document.

3.1 IRELAND

Individuals have privacy rights in relation to the processing of their personal data. A new European Union-wide framework known as the General Data Protection Regulation (GDPR) changes the rules on data protection. It provides for a more uniform interpretation and application of data protection standards across the EU.

The GDPR came into force across the EU on 25 May 2018. However, member states have flexibility in certain areas and can make their own laws in these areas. (For example, the GDPR specifies 16 years as the digital age of consent but allows member states to provide for a lower age – which cannot be lower than 13.)

An accompanying Directive establishes data protection standards in the area of criminal offences and penalties. This is known as the law enforcement Directive.

The GDPR and the law enforcement Directive provide for significant reforms to current data protection rules. They provide for higher standards of data protection for individuals and impose increased obligations on organisations that process personal data. They also increase the range of possible sanctions for infringements of these rules.

The Data Protection Act 2018², which was signed into law on 24 May 2018, changes the previous data protection framework, established under the Data Protection Acts 1988 and 2003 (pdf)³. Its provisions include:

• Establishing a new Data Protection Commission⁴ as the State’s data protection authority

• Transposing the law enforcement Directive into national law

• Giving further effect to the GDPR in areas where member states have flexibility (for example, the digital age of consent)

Where “current legislation” is mentioned in this document, it refers to the situation up to the enactment of the Data Protection Act 2018 and the coming into force of the GDPR.

2 https://www.oireachtas.ie/en/bills/bill/2018/10/
3 https://www.dataprotection.ie/en
4 https://www.dataprotection.ie/


Rules before 25 May 2018

The Data Protection Acts state that information about people must be accurate, must only be made available to those that should have it and must only be used for specified purposes. People have the right to access personal information relating to themselves and have any errors corrected or, in some cases, have the information erased.

If their information is being held for the purposes of direct marketing, they can have their details removed.

Data protection rights apply to information held on computer or in manual or paper files.

The Data Protection Commissioner is appointed by the Government. The Commissioner is independent in the exercise of their functions. Individuals who feel their rights are being infringed can complain to the Commissioner, who has powers to enforce the provisions of the Act.

If people suffer damage as a result of a breach of their data protection rights, they may sue for damages through the courts.

The Commissioner also maintains a register, available for public inspection, giving general details about the data handling practices of many important data controllers, such as government departments and State-sector bodies, financial institutions, and any person or organisation who keeps sensitive types of personal data.

General data protection disclaimer on ICT projects

Data collected and created for the project will be made shareable and useable for future research projects. Participants (occupants) will be informed that their participation will be treated in the utmost confidence and will only be reported in anonymised form.

All necessary steps will be taken to protect the privacy and ensure the anonymity and non-traceability of participants (e.g. through the use of pseudonyms, in all forms of publication and dissemination).

In Ireland, partners will follow the guidelines of the Data Protection Commission in Ireland on anonymisation and pseudonymisation, available at the following link:

https://www.dataprotection.ie/en/guidance-landing/anonymisation-and-pseudonymisation

At the bottom of the page at that link, other documents are referenced that relate to the pre-GDPR regime, under the ‘Data Protection Directive’ 95/46/EC.

The data that will be made publicly available will be modified to comply with data protection legislation. Pseudonymisation will be employed by processing personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information. Thus, such additional information will be kept separately, and it is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable individual. Masking will also be used to remove obvious or direct personal identifiers from data.


3.2 DENMARK

Before May 2018

Up until 25 May 2018, data protection and the registration and handling of personal data were regulated by the Danish “Persondataloven” (in English: “The Personal data law”), which came into force in 2000 as an implementation of the previous EU Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. The Persondataloven applied to public as well as private entities, and it covered any type of information that can be related to a (physical) person. The law distinguished between common and sensitive information. The latter type relates to, e.g., information about ethnicity or health, and was regulated by stricter rules. However, any type of personal information was covered by the law.

After May 2018

A new European Union-wide framework known as the General Data Protection Regulation (GDPR)

changed the rules on data protection. It provides for a more uniform interpretation and application of

data protection standards across the EU. The GDPR came into force across the EU on 25 May 2018.

However, member states have flexibility in certain areas and can make their own laws in these areas.

Following from the latter, the previous Danish Persondataloven was replaced by the

Databeskyttelsesloven (in English: The Data Protection Law) by 25 May 2018. The new law complements

the general and EU-wide GDPR regulation by stating some specific rules on data protection in Denmark.

For instance, §10 of Databeskyttelsesloven states that “Data as mentioned in Article 9(1) and Article 10

of the General Data Protection Regulation may be processed where the processing takes place for the

sole purpose of carrying out statistical or scientific studies of significant importance to society and where

such processing is necessary in order to carry out these studies.” Thus, the Danish law on data protection

provides less strict rules in relation to collection of data for pure scientific studies.

The main changes following from the GDPR and the Danish Databeskyttelsesloven include:

• The rules related to individuals’ right to access registered personal data about themselves (including the rights to require correction and deletion of personal information) were tightened, including a specification of the procedures for handling requests for access to and complaints about personal data. Regarding the latter, it is now specified that organizations collecting and storing personal data need to provide contact details of the data responsible for requests and complaints. Furthermore, the national agency called Datatilsynet (in English: The Danish Protection Agency) is the independent authority that supervises compliance with the rules on protection of personal data, provides guidance and advice, deals with complaints and makes inspections. Individuals (e.g. citizens) can complain to Datatilsynet if they feel that the collection and handling of their personal data do not comply with the existing rules.

• Violations of the GDPR and Databeskyttelsesloven can now be fined with substantial penalties.


3.3 SPAIN

Protection of individuals in relation to the processing of personal data in Spain is also a fundamental right protected by Article 18.4 of the Spanish Constitution⁵.

Article 18, of the Spanish Constitution

1. Law will limit the use of computing to guarantee the honor and personal and family privacy

of citizens and the full exercise of their rights.

In accordance with the explanatory memorandum of Organic Law 3/2018, of December 5, on the Protection of Personal Data and the guarantee of digital rights (hereinafter, LO 3/2018), "the concretion and development of the fundamental right of protection of personal data took place in its origins through the approval of the Organic Law 5/1992, of October 29, [...] replaced by the Organic Law 15/1999, of December 5, in order to transpose our right to Directive 95/46/CE [...], and was supplemented by an increasingly abundant jurisprudence coming from the organs of the contentious-administrative jurisdiction".

Without wishing to be redundant, and since LO 3/2018 does not contradict the GDPR, but completes and

develops its provisions, the fundamental milestone at a national level has been the regulation and

guarantee of Digital Rights, reinforcing, for example, the protection of minors, while guaranteeing the

right of access to the internet for the most vulnerable or disadvantaged groups, by designing training and

accessibility policies to overcome the existing digital gaps.

Below is a brief summary of Digital Rights:

GENERAL
▪ Right to internet neutrality
▪ Right to universal access to the internet
▪ Right to digital security

VULNERABLE COLLECTIVES
▪ Protection of minors on the Internet
▪ Protection of minors’ data on the Internet
▪ Right to digital education

SEARCH SERVICES. NETWORK
▪ Right to rectification on the Internet
▪ Right to forget in Internet searches
▪ Right to update information in digital media
▪ Right to forget in social network services and equivalent services
▪ Right of portability in social network services and equivalent services

WORK ENVIRONMENT
▪ Right to privacy and use of digital devices in the work environment
▪ Right to digital disconnection in the work environment
▪ Right to privacy against the use of surveillance devices and sound recording in the work environment
▪ Right to privacy before the use of geolocation systems in the work environment
▪ Digital rights in the collective bargaining

Table 1: Digital rights in Spain

5 «BOE» no. 311, of 29/12/1978

Therefore, it can be assumed that Spain has been a pioneer in the protection of individuals in relation to the processing of personal data in connection with new technologies.

The novelties that the LO 3/2018 provides with respect to the previous regulations are, among others:

▪ Duty to preserve the data, duly blocked, for the exercise or defense against claims until the

prescription of possible actions.

▪ Regulation of personal data by common credit information services.

▪ Treatments for video surveillance purposes

▪ Internal reporting information systems

▪ Strengthening the position of the Data Protection Delegate

It is necessary to highlight the role and the work carried out by the Spanish Agency for Data Protection (https://www.aepd.es/), the body that carries out control and research tasks, prepares reports, guides and tools for both citizens and companies or organizations, resolves all kinds of queries and, ultimately, plays a key role in adapting to the GDPR.


4. EU POLICIES

Similar to the previous section, the following pages are not a full description of European data protection law but just a compendium on the topic, focused on the main parts applicable to the RESPOND project.

It is necessary to start by highlighting that the protection of individuals with regard to the treatment of their personal data constitutes a fundamental right contained in the Charter of Fundamental Rights of the European Union, as well as in the Treaty on the functioning of the European Union⁶.

Article 8 of the Charter of Fundamental Rights of the European Union. Personal data protection

1. Every individual has the right to the protection of the personal data, that concern him/her.

2. These data will be treated loyally for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Every individual has the right to access the collected data that concern him/her and to their rectification.

3. The compliance of these regulations is subject to the control of an independent authority.

Article 16 (ex article 286 TCE) of the consolidated version of the Treaty on the functioning of the European Union

1. Every individual has the right to the protection of the personal data, that concern him/her.

[…]

The European Union (hereafter, the “EU”) has pursued, promoted and approved, through prolific activity, a multitude of guidelines, recommendations and its own legislative acts in order to achieve effective protection of the data protection right, weighing its integration in our regulation together with other fundamental rights, with the aim of establishing a coherent, uniform and homogeneous regulation in every member country, within an increasingly regulated and interconnected framework that requires providing every actor, and specifically individuals, with legal security.

According to the statement of reasons of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of individuals with regard to the treatment of personal data and the free circulation of these data, and repealing Directive 95/46/EC (General Data Protection Regulation or GDPR), the Directive referred to was already intended to "harmonize the protection of the rights and fundamental freedoms of individuals concerning the processing of personal data and guarantee the free circulation of the aforementioned data among the Member states".

However, the legal formula used prevented the homogenization of national regulations, because Directives and Regulations are types of legislative acts that present important differences in terms of their purpose and scope.

In general, some of its most characteristic aspects are:

6 «DOUE» no. 83, of 30 March 2010, pages 1 to 388 (388 pages)


| DIRECTIVE | REGULATION |
|---|---|
| Obligation to achieve results | Directly applicable |
| They need transposition to the internal ordering of each member state | They do not need to be transposed to the internal order of each member state |
| It comes into force once transposed to the internal order (with exceptions) | Applicable from its entry into force |
| Establish maximum or minimum requirements | Mandatory in every point |

Both: Adopted by the Council and Parliament in accordance with ordinary or special legislative procedures

Table 2: Differences between Directive and Regulation

The fragmentation of, and in some cases the discordance between, national regulations on the protection of personal data, together with, among other factors, the current globalized context of our society and the advance of the digital age (of which special mention will be made because of its singular relevance when examining the policies carried out by Spain), has made it necessary to implement a uniform regulation to strengthen legal security. The legal act of a Regulation was chosen for its general scope and its mandatory nature, giving rise to the GDPR, fully applicable since May 25, 2018.

The role played by Working Group 29, through its recommendations and good practices, has been decisive in strengthening the right to protection of individuals in relation to the processing of their personal data. This organization has been replaced by the European Committee for Data Protection, whose composition and functions are defined in Section 3 of Chapter VII of the GDPR. Since the Regulation became fully applicable, the aforementioned Committee has acted with total independence, and it watches over and guarantees its correct application.

The General Data Protection Regulation harmonizes and combines, as we have explained before, the

protection of individuals in relation to their personal data and the free circulation of these among the EU

member states, applying to every totally or partially automated treatment, as well as non-automated

treatments intended to be included in a file, in accordance with the principles and limits established in

article 5:

▪ Lawfulness, loyalty and transparency

▪ Limitation of the purpose

▪ Data minimization

▪ Accuracy

▪ Limitation of the conservation period

▪ Integrity and confidentiality

▪ Proactive responsibility


4.1 RIGHTS

The application of the Regulation extends beyond the EU, provided that the person in charge of or responsible for treatment has its establishment within it or, when it is not in the EU, offers goods and services to, or monitors the behavior of, interested parties residing in the Union, a fact that reinforces the scope of protection and legal security.

The Regulation definitively puts an end to tacit or implied consent as a legitimizing cause of data processing. The Responsible must be able to demonstrate that consent was granted freely, expressly and for specific purposes, and that the interested party was clearly informed about who is responsible for the treatment, the storage periods, possible assignments or communications, and whether the data will be subject to international transfers, as well as the rights that assist them.

RIGHTS

▪ Right of information of the interested party

▪ Right to withdraw consent

▪ Right of Access of the interested party

▪ Right of rectification

▪ Right of cancellation (“right to forget”)

▪ Right of opposition

▪ Right to limitation of treatment

▪ Right to data portability

▪ Right not to be subjected to automated individual decisions, including profiling

4.2 DATA PROTECTION IMPACT ASSESSMENT

The GDPR establishes another outstanding and notable novelty. Closely related to the principle of proactive responsibility, the Responsible and the Managers in charge of treatment must keep a Register of treatment activities. The objective is to control each and every one of the aforementioned activities, the purposes of the treatment and the life cycle of the data. For this purpose, the specific characteristics of the activity to be carried out must be registered and specified (for example, categories of interested parties, data categories, transfers or international transfers) and adequate technical and organizational measures must be established to safeguard the security and confidentiality of the data. In this regard, the Responsible should evaluate whether the treatment involves a high risk for the rights of the interested parties, and should, as the case may be, carry out a Data Protection Impact Assessment (DPIA).

The brief outline⁷ below synthesizes what has just been explained:

7 https://ec.europa.eu/commission/sites/beta-political/files/ds-02-18-544-es-n_0.pdf


1) VERIFY THE PERSONAL DATA COLLECTED AND TREATED, THE PURPOSE AND ON WHICH LEGAL BASIS

2) INFORMATION TO INTERESTED PARTIES (CLIENTS, EMPLOYEES AND OTHER PERSONS)

3) CONSERVATION OF PERSONAL DATA ONLY WHILE NECESSARY (see next point)

4) SECURITY MEASURES AND PERSONAL DATA PROTECTION

5) CONSERVATION AND DOCUMENTATION ON DATA PROCESSING ACTIVITIES

6) NORMATIVE COMPLIANCE BY TREATMENT MANAGERS (CODES OF CONDUCT AND CERTIFICATIONS)

A highly characteristic feature of the purpose of the Regulation and its scope of protection is found in the liability and sanctions regime. Failure to comply with the stipulations contained in the GDPR can lead to sanctions that, in the most serious cases, can reach up to € 20,000,000, or an amount equivalent to 4% of the total annual global business volume.

After a broad examination of the Regulation, the last question that remains to be addressed is who ensures regulatory compliance within each organization, company or entity.

The Regulation has created the figure of the Data Protection Delegate (DPD). Its mandatory character is

established in certain cases: special categories of data, volume of data or according to a national law. The

DPD must possess recognized professional qualities and have experience and knowledge in Law, and

always exercise their functions with complete independence and objectivity. In the following link, by way

of example, you can consult the data and functions of the DPO of the European Commission:

https://ec.europa.eu/info/departments/data-protection-officer_es#responsibilities.

4.3 NATIONAL LEGISLATIONS

The table below shows the national legislation on data protection that transposed the EU Data Protection Directive 95/46/EC; the information was adapted from the comprehensive study performed by the BSA EU Cybersecurity Dashboard⁸ (source: inteGRIDy project).

| EU Member State | Applicable legislation on data protection | Data Protection |
|---|---|---|
| Portugal | • Law No. 67/98 of 26 October 1998 (Data Protection Act) • Law No. 103/2015 • Law No. 2/94 • Law No. 68/98 • Law No. 36/2003 • Law No. 43/2004 • Law No. 46/2012, of 29 August 2012 (ePrivacy Act) • Constitution of the Portuguese Republic (Articles 34 and 35) | Portuguese Data Protection Authority (CNPD) (1991) (http://www.cnpd.pt/) |
| Spain | • Organic Law 15/1999, of 13 December of Personal Data Protection • Royal Decree 1720/2007, of 21 December • Final provision Fifty-six of Sustainable Economy Law 2/2011 | Spanish Data Protection Agency (AEPD) (1993) (https://www.agpd.es/) |
| UK | • Data Protection Act 1998 • Privacy and Electronic Communications (EC Directive) Regulations 2003 | UK Information Commissioner (https://ico.org.uk) |
| France | • French Data Protection Act n°78-17 of 6 January 1978 (French DPA) – revised in 2004 • Postal and Electronics Communications Code | Commission Nationale de l’Informatique et des Libertés (CNIL) (http://www.cnil.fr/) |
| Italy | • Legislative Decree n. 196 of 30 June 2003 (Privacy Code 2003) | Italian Data Protection Authority (http://www.garanteprivacy.it/) |
| Greece | • Law 2472/1997 • Law 3471/2006 • Law 3873/2009 • Law 3917/2011 • Law 3943/31.3.2011 and • Ministerial Circular 1185/1.9.2011 • HDPA's opinion no. 4/14.10.2011 • Law 4170/2013 • Ministerial Circular 1258/6.12.2013 • HDPA's opinion no. 5/2013 | Hellenic Data Protection Authority (HDPA) (http://www.dpa.gr/) |
| Romania | • Law no. 677/2001 • Law no. 506/2004 | National Supervisory Authority for Personal Data Processing (http://www.dataprotection.ro/) |
| Cyprus | • Processing of Personal Data (Protection of Individuals) Law of 2001 (138(1)/2001) • Data Processing (Permits and Fees) Regulations 2002 • Regulation of Electronic Communications and Postal Services Law of 2004 • Constitution of the Republic of Cyprus | Commissioner for the Protection of Personal Data (http://www.dataprotection.gov.cy) |

Table 3: National legislations data protection that transposed EU Data Protection Directive 95/46EC

8 BSA – The Software Alliance (2015). EU Cybersecurity Dashboard – A Path to a Secure European Cyberspace.


5. RESPOND GDPR APPROACH

Within the framework of the European Project RESPOND, in which Feníe Energía, S.A. collaborates actively by coordinating the different enterprises and institutions that take part or will take part in the planned work, a report has been requested from the Legal Services department of the Company with the aim of examining adaptation to the current regulations on personal data protection.

The Project, in general terms, intends to carry out analyses and studies in order to predict aspects related to preferences or behaviors in the use of energy, based on monitoring in homes. That is, the Project may have access to personal data for the achievement of its purposes or objectives. These studies will be carried out in households in three different countries of the European Union (Ireland, Denmark, Spain).

5.1 OBJECTIVES, PILOTS AND PARTICIPANTS

The research field of the Project is energy sustainability. Data will be collected through monitoring techniques. Once the data has been anonymized, it will be used to analyze the behaviors and habits related to energy consumption, with the aim of implementing methods and predictive formulas that favor responsible and efficient consumption.

The data that will be processed in the course of the Project will derive from households located in three locations within the European Union, specifically:

▪ Aran Island (Ireland)

▪ Aarhus (Denmark)

▪ Madrid (Spain)

As a first measure to protect confidentiality and information, it has been established that all personal data obtained as a result of monitoring will be anonymized, ensuring that the interested party is not identifiable, or ceases to be⁹, so that it is then possible to work on and elaborate complex profiles, prediction methods or efficient energy management methods, among other research or statistical purposes.

As indicated above, several companies and institutions will participate in the Project. These organizations, which have gained great prestige, reputation and experience in their fields of activity, have established their headquarters in the territory of the European Union, with the exception of the INSTITUT MIHAJLO PUPIN, a leading Serbian institute in information and communication technologies.

9 Recital 26 of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free circulation of these data, and repealing Directive 95/46/EC (General Data Protection Regulation or GDPR).


The entities that are part of the Project are:

▪ FENÍE ENERGÍA, S.A. (Spain), as Coordinator of the Project, develops electric power and gas trading activities, as well as energy savings services;

▪ FUNDACION TEKNIKER (Spain), focuses on technological and industrial research;

▪ AURA RADGIVNING AS (Denmark), provides energy consulting services to enterprises in a broad range of fields;

▪ ALBOA (Denmark), is the social housing association of Aarhus, founded on January 1st, 2011;

▪ AALBORG UNIVERSITET (Denmark), offers high quality research within human, natural, social, engineering and health sciences;

▪ COMHARCHUMANN FUINNIMH OILEÁIN ÁRANN TEORANTA (Ireland), is an energy cooperative which represents all the residents and companies established in the Aran islands;

▪ NATIONAL UNIVERSITY OF IRELAND, (Ireland), globally recognized for its international perspective, develops projects in many fields of research;

▪ DEVELCO PRODUCTS AS (Denmark), develops, produces and markets wireless products for companies;

▪ ENERGOMONITOR S.R.O. (Czech Republic), focuses, among other things, on monitoring the consumption and costs of public services, as well as monitoring its customers’ environment through real data, whether they are domestic or corporate;

▪ DEXMA SENSORS S.L. (Spain), is an expert company in the development of energy management systems;

▪ INSTITUT MIHAJLO PUPIN (Serbia), is a leading organization in information and communication technologies (ICT).


5.2 TREATMENT OF PERSONAL DATA

5.2.1 DATA LIFE CYCLE

The data life cycle can be divided into the following stages:

a) Data collection

Feníe Energía, in the role of Project coordinator, will collect data related to the energy consumption in households located in member countries of the European Union¹⁰. For its acquisition, Feníe Energía is obliged to have the express consent of the interested party¹¹. Feníe Energía, therefore, stands as Responsible of treatment of the referred data¹².

For the collection of the data, the Company may rely on other organizations, which will act as Managers of treatment, always according to the instructions of the Responsible. Consequently, the parties shall sign the corresponding treatment Manager contract, which shall regulate the relation between both and contain the obligations and minimum specifications required by the reference law¹³.

b) Storing

Once the data has been collected, Feníe Energía will store it, implementing suitable technical and organizational measures in order to guarantee its integrity and confidentiality and to prevent illegitimate access or alteration¹⁴.

c) Use. Profiling. Anonymization

The Responsible will treat the data with the following purposes:

a. Profiling

It is defined as “any form of automated processing of personal data consisting in using personal

data to evaluate certain personal aspects of an individual, in particular to analyze or predict aspects

related to the improvement of performance, economic situation, health, personal preferences, interests,

reliability, behavior, location or movements of the mentioned individual”.

The Responsible will monitor and process data regarding the energy consumption of the interested party with his/her explicit consent. However, the development of the aforementioned profiles will not produce legal effects on him/her or affect him/her in any way, because in any case the profiles obtained will be anonymized for further treatment for research or statistical purposes.

10 Article 1.3 of GDPR, on free circulation of data

11 Article 6.1.a) of GDPR, on legitimation of treatment

12 Article 4 of GDPR, on the figure of the Responsible of treatment

13 Articles 4, 28 and 29 of GDPR, on the figure of the treatment manager

14 Article 5.1.f) of GDPR, on integrity and confidentiality

It is important to emphasize, therefore, that it will not be necessary to previously carry out an

impact evaluation of the treatment operation, in accordance with the terms of article 35 of GDPR.

The Responsible may, also, send communications to the interested parties, for non-commercial

purposes, for the fulfillment of the purpose described.

b. Anonymization

The Responsible will anonymize, irreversibly, all the personal data obtained, so that the interested

party is not identifiable or ceases to be.

Once the data has been anonymized, the General Data Protection Regulation would not affect the processing of the aforementioned anonymous information, even for statistical or research purposes¹⁵.

No other uses are foreseen¹⁶.

d) Destruction

Once the Project has finished, the data will be duly blocked during the necessary legal period for the exercise or defense against administrative actions and for the statutes of limitations of these. After this period, the data will finally be destroyed¹⁷.

Figure 2: Schema of data process within the project

15 Recital 26 of GDPR

16 Article 5.1.c) of GDPR, about data minimization

17 Article 5.1.e) of GDPR, about limitation of the term of conservation


5.2.2 TREATMENT ACTIVITIES REGISTRY

Feníe Energía has the obligation to keep a register of the treatment activities made under its responsibility¹⁸.

RESPOND PROJECT

A) LEGAL BASES

GDPR: 6.1.a) Consent by the interested party for the treatment of his/her personal data.

B) PROCESSING PURPOSES

Participation in the RESPOND Project, in which monitoring techniques will yield data related to the energy consumption at the supply points of the interested parties for profiling. No decisions will be made about the interested party based on profiling. The Responsible may send communications to the interested parties for the fulfilment of the described purpose. The data and profiles obtained will be anonymized for their study within the works developed in the RESPOND Project.

C) CATEGORY OF INTERESTED PARTIES

Individuals, including representatives of legal entities that participate in the RESPOND Project.

D) CATEGORY OF DATA

Name and surname, email, telephone number, address, city, district, universal code of supply point and energy consumption.

E) CATEGORY OF RECIPIENTS

No data communications are foreseen. However, the Responsible relies on the treatment Managers to carry out the purposes described.

F) INTERNATIONAL TRANSFERS

No international data transfers are foreseen.

G) DELETION DEADLINE

The personal data of the interested parties will be kept until the end of the RESPOND Project. After its finalization, the personal data will be kept duly blocked during the necessary legal period for the exercise or defense against administrative actions, exclusively available to judges and courts, Public Prosecutor, or the competent Public Administrations, and for the statutes of limitations of these. After this period, the data will be definitively deleted.

H) SECURITY MEASURES (32.1 GDPR)

See point 5.2.4

I) RESPONSIBLE ENTITY

Feníe Energía, S.A., with VAT number A-85908036, and address for notification purposes at Calle Jacinto Benavente, 2-B, Planta Baja. 28232, Las Rozas de Madrid, Spain. Telephone: 91 626 39 12. Enquiries DPO: [email protected]

Table 4: Project's GDPR legal information

5.2.3 RISKS ANALYSIS

The following questionnaire is established to determine if there are circumstances that require an Impact

Assessment on Data Protection (IADP).

| TYPE OF DATA | | YES/NO |
|---|---|---|
| Is there any personal data treatment? | | YES |
| PURPOSE OF THE TREATMENT | | YES/NO |
| Is the collection of data intended for large-scale treatment? | | NO |
| Number of entities affected | | 0 to 10.000 |
| Categories of data processed. (Sensitive data, Identification data, Personal characteristics, Social Circumstances, Academic and professional data, Employment details, Commercial Information, Economic, financial and insurance data, goods and services transactions) | | 2 |
| Duration of treatment | | Months |
| The geographical extension of the treatment | | International |
| Does the data collection have the purpose of monitoring or systematic and comprehensive assessment of personal aspects? (Treatment to monitor, observe and/or control the interested parties, whereby it can define habits, behaviors, preferences, tastes, interests, etc. of identified or identifiable individuals.) For instance, use of activity register on clients to detect patterns of susceptible users that may contract a product, commercial profiles, scoring, etc. | Data collection’s purpose is to know the energy consumption, profiling consumption patterns but without evaluating the aforementioned data, producing legal effects on the interested party or affecting him/her significantly | YES |
| Is the collection of data intended for the treatment of sensitive data (article 9 GDPR)? | | NO |
| Does the treatment involve contact with the interested parties in such a way that such contact may be intrusive, or is the use of technologies that may be perceived as especially intrusive in privacy expected? | The treatment, with the express consent of the owner, consists in the monitored collection of data on energy consumption for a period of time | YES |
| Does the purpose of the treatment imply the specific use of disabled persons or any other group in a particularly vulnerable position? | | NO |
| Will personal data be processed to create profiles, categorize/segment, make ratings/scoring or to take decisions? For example, the segmentation of clients based on their personal data with the purpose of sending commercial communication | Data collection’s purpose is to know the energy consumption, profiling consumption patterns but without evaluating the aforementioned data, producing legal effects on the interested party or affecting him/her significantly | YES |
| Does the processing of data imply automated decision-making without any person intervening in the decision or evaluating the results? For example, authorizing or denying a product type to a customer by means of an automated algorithm without any manager evaluating the result to confirm the decisions | | NO |
| Is the information of the interested parties enriched by collecting new categories of data or using existing ones with new purposes that were not previously contemplated, in particular, if these purposes are more intrusive or unexpected for those affected, or can even block the enjoyment of some service? For example, the use of information contained in external files such as ASNEF | | NO |
| Does the treatment imply that a large number of people (beyond those necessary to carry out the same) have access to the personal data processed? | | NO |
| Are data related to the observation of public access areas going to be processed? | | NO |
| In order to carry out this treatment, do you combine datasets used by other managers of treatment, whose purpose was in excess of the expectations of the interested party? For example, to use the result of a data analysis treatment of a client to make commercial offers based on said results | | NO |
| Are non-dissociated or non-anonymized personal data irreversibly used for statistical, historical or scientific research purposes? | | NO |
| TECHNOLOGIES USED FOR THE TREATMENT | | YES/NO |
| Is the use foreseen of technologies that can be perceived as immature, recently created or released to the market, whose scope cannot be foreseen by the interested party in a clear or reasonable way and implies a high risk for unauthorized access? | Equipment of renowned brands will be installed | NO |
| DATA TRANSFER AND INTERNATIONAL DATA TRANSFERS | | YES/NO |
| Is there any transfer of data to other entities from the same group or to external providers? | | NO |
| Is there any international data transfer to non-European countries, which do not have personal data protection measures similar to those established by the Control Authority? | | NO |
| PERCEPTION OF THE EXISTENCE OF A HIGH RISK BY THE RESPONSIBLE TREATMENT ACTIVITY | | YES/NO |
| Is this treatment similar to another for which a DPIA was necessary? | | NO |
| Can this treatment lead to a loss or alteration of the information? | No, since the data is only taken and stored. The risk associated with the loss or alteration of the information is the expected for this type | NO |
| Is paper documentation used to process personal data? In this case, indicate the measures applied: it is kept under lock and key, it is destroyed confidentially, it is kept with an access register, others. | | NO |

Table 5: Risk analysis

18 Article 30 of GDPR, about registration of treatment activities

Based on the previous analysis, and based on Article 35 of the GDPR, it has been determined that it is not necessary to conduct an Impact Assessment related to data protection.

5.2.4 SECURITY MEASURES

Organizational measures

Information that should be known by all staff or employees with access to personal data.

Duty of confidentiality and secrecy

▪ The access of unauthorized persons to personal data should be avoided. To this end, personal data will not be left exposed to third parties (for example, unattended electronic screens, paper documents in areas of public access, media containing personal data, etc.).

▪ When an employee is absent from the workplace, the screen will be locked or the session closed.

▪ Paper documents and electronic media will be stored in a secure place (such as lockers or restricted access rooms) 24 hours a day.

▪ Documents or electronic media (such as, for example, CDs, pen drives, hard drives, etc.) containing personal data will not be discarded without guaranteeing their destruction.

▪ Personal data or any personal information will not be communicated to third parties; special attention will be given to not divulging protected personal data during telephone consultations, emails, etc.


▪ The duty of secrecy and confidentiality persists even when the worker's employment relationship

with the company ends.

Rights of data subjects

All employees will be informed about the procedure to deal with the rights of the interested parties, clearly defining the mechanisms by which the rights can be exercised (electronic means, reference to the Delegate of Data Protection if there is one, postal address, etc.) taking into account, in particular, the following:

▪ Upon presentation of their national identity document or passport, the holders of personal data (interested parties) may exercise their rights of access, rectification, deletion, opposition and portability. The responsible for the treatment must respond to the interested parties without undue delay, and always within the deadlines stipulated by current regulations.

▪ For the right of access, the interested parties will be provided with the list of the personal data that may be available, together with the purpose for which they were collected, the identity of the recipients of the data, the conservation periods, and the identity of the person responsible, before they can request the rectification, suppression and opposition to the processing of the data.

▪ For the right of rectification, the data of the interested parties that were inaccurate or incomplete will be modified, attending to the purposes of the treatment.

▪ For the right of suppression, the data of the interested parties will be suppressed when the interested parties manifest their refusal or opposition to the consent for the treatment of their data and there is no legal duty that prevents it.

▪ For the right of portability, the interested parties must communicate their decision and inform the

person responsible, as the case may be, about the identity of the new responsible party to whom

they provide their personal data.

▪ For the portability right, the interested parties shall communicate their decision and inform the

person responsible, as the case may be, about the identity of the new responsible person to whom

they may provide their personal data.

The responsible for the treatment shall inform all subjects with access to personal data about the terms

of compliance to meet the rights of the interested parties, the manner and procedure in which the

aforementioned rights will be met.

Security breaches of personal data

In the event of security breaches of personal data, such as, for example, theft or improper access to personal data, the Spanish Data Protection Agency will be notified within 72 hours about these security breaches, including all necessary information for the clarification of the facts that would have given rise to the improper access to personal data.

The notification will be made by electronic means through the electronic headquarters of the Spanish Agency for Data Protection at the address: https://sedeagpd.gob.es

Technical measures

Identification

▪ When the same computer or device is used for the processing of personal data and for personal purposes, it must have several profiles or different users for each of the purposes. The professional and personal uses of the computer must be kept separate.

▪ It is recommended to have profiles with administrative rights for the installation and configuration of the system, and users without privileges or administrative rights for access to personal data. This measure will prevent access privileges from being obtained, or the operating system from being modified, in the event of a cybersecurity attack.

▪ The existence of passwords for access to personal data stored in electronic systems will be guaranteed. The password will have at least 8 characters, a mixture of numbers and letters.

▪ When different persons access the personal data, every single person with access to the personal data will have a specific username and password (unambiguous identification).

▪ The confidentiality of passwords must be guaranteed, preventing them from being exposed to third parties.

Under no circumstances will passwords be shared or recorded in common places, nor will access be allowed to persons other than the user.

Safeguard

▪ Updating of computers and devices: The devices and computers used for the storage and processing of personal data must be kept up-to-date as much as possible.

▪ Malware: On computers and devices where the automated processing of personal data is carried out, an antivirus system will be available to prevent, as much as possible, the theft and destruction of personal information and data. The antivirus system must be updated periodically.

▪ Firewall: To avoid improper remote access to personal data, the existence of an activated firewall will be ensured on computers and devices on which personal data is stored and/or processed.

▪ Data encryption: When personal data needs to be taken outside the area where it is processed, either by physical means or by electronic means, the possibility of using an encryption method should be assessed in order to guarantee the confidentiality of the personal data in case of improper access to the information.

▪ Security copies: Periodically a backup copy will be made on a second support different from the one used for daily work. The copy will be stored in a secure place, different from that in which the computer with the original files is located, in order to allow the recovery of personal data in case of loss of information.

5.3 AUTHORIZATION MODEL OF PERSONAL DATA

The content of the document created to collect the authorization is shown below. The intention is to collect this authorization through the mobile app to avoid the use of paper and speed up the process.

PERSONAL DATA AUTHORIZATION

FULL NAME: XXXXXXX

ADDRESS: XXXXXXX

ID: XXXXXXX

PILOT: XXXXXXX

Before signing this document, you must read the following basic information about data protection along with the additional information shown in the following pages:

Basic information about data protection

Responsible: FENÍE ENERGÍA, S.A.

Purpose: Take part in RESPOND project: To develop a Demand Response platform for dwellings, for the study and monitoring of Energy consumptions; profile elaboration.

Legitimation: Consent of the interested individual

Recipients: Data treatment managers established in the EU; and data treatment managers established outside the EU who have signed data protection clauses adopted by the European Commission.

Rights: Access, rectify and delete the data together with other rights as explained in the additional information.

Additional information: Moreover, further and detailed information about data protection can be accessed on: www.project-respond.eu

_____________________

In XX, the XX XX of 2018

5.4 ADDITIONAL INFORMATION

The following paragraphs belong to the additional information provided to trial participants when they are asked to sign the personal data authorization:

ADDITIONAL INFORMATION

For the purposes of European legislation provisions on personal data protection, Directive 95/46/EC of the European Parliament and the Council, the applicable Spanish national legislation, and by virtue of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND THE COUNCIL of April 27, 2016, relating to the protection of individuals with regard to personal data processing, which will be applicable as of May 25, 2018, the Responsible informs you and you consent to incorporate your data into a file called "PROJECT RESPOND", created under the Responsible's liability.

1. RESPONSIBLE

Treatment Responsible: FENÍE ENERGÍA, S.A.

VAT: ESA85908036

Address: Jacinto Benavente, 2-B, ground floor, 28232, Las Rozas de Madrid, Spain

Email/Telephone/Fax: [email protected] - +34 91 626 39 12

Data protection delegate: [email protected]

2. PURPOSE

For what purpose do we treat your data?

Due to RESPOND European Project, co-financed by the Horizon 2020 European Union program with number 768619 - H2020-EE-2016-2017 / H2020-EE-2017-PPP, the Responsible informs that your data will be treated for the following purposes:

▪ Take part in the Project’s pilot trials

▪ Monitoring of energy consumption

▪ Study of individual habits related to energy consumption

▪ Communications of a non-commercial nature about the Project

In order to study your personal habits related to energy consumption, we will elaborate a profile based on the information provided and the data measured. We inform you that possible Demand Response actions based on this profile will be studied, because aspects related to your preferences or behavior in the use of energy in your home will be analyzed or predicted as a result of monitoring and information collected.

How long will we keep your data?

The personal data provided will be kept for a period of 3 years from the last confirmation of interest, necessary for the fulfillment of the purposes described.

The Responsible will delete all personal data, as well as the existing copies, unless their preservation is required under national or international standards. In such case, the Responsible will guarantee the confidentiality of the information and its exclusive use to comply with the legal requirements that have required conservation.

3. LEGITIMATION

What is the legitimacy for the treatment of your data?

The legal basis for the treatment of your personal data is your explicit consent freely granted.

4. RECIPIENTS

To which Recipients will your data be communicated?

The data may be communicated to the following companies as Treatment Managers:

| COMPANY | ADDRESS |
|---|---|
| FUNDACION TEKNIKER | Calle INAKI GOENAGA 5, 20600, Eibar (Guipuzcoa-SPAIN), represented by Mr Francisco Javier Diez, Researcher Intelligent Information Systems Unit, or his authorised representative |
| ALBOA | Almen boligorganisation Aarhus, established in Vertergårdsvej 15, DK 8260 Midtjylland, Viby J. (DENMARK), represented by Mr. Niels Munthe, Energymanager, or his authorized representative |
| AURA RADGIVNING AS | LANGDALSVEJ 75, 8220, BRABRAND (DENMARK), represented by Mrs Lisbet Stryhn Rasmussen, Seniorådgiver, or her authorized representative |
| AALBORG UNIVERSITET | FREDRIK BAJERS VEJ 5, 9220, AALBORG (DENMARK), represented by Mr Toke Haunstrup Christensen, Senior Researcher Danish Building Research Organization, or his authorized representative |
| COMHARCHUMANN FUINNIMH OILEÁIN ÁRANN TEORANTA | Cill Rónáin, H91 WOHK West, Aran Islands (IRELAND), represented by Mr Dara Ó Maoildhia, Chairperson, or his authorized representative |
| NATIONAL UNIVERSITY OF IRELAND, GALWAY | UNIVERSITY ROAD, GALWAY (IRELAND), represented by Mr Marcus Keane, Lecturer Civil Engineering department, or his authorized representative |
| DEVELCO PRODUCTS AS | OLOF PALMES ALLE 40, 8200, ARHUS (DENMARK), represented by Mr Peter Kirketerp Hansen, R&D Manager, or his authorized representative |
| ENERGOMONITOR S.R.O. | HLUBINSKA 917/20, 70200, OSTRAVA - MORAVSKA (CZECH REPUBLIC), represented by Mrs Alena Vojtekova, Key account manager Sales department, or her authorized representative |
| DEXMA SENSORS S.L. | BONAPLATA 51-PLANTA 3-PUERTA 2, 08034, BARCELONA (SPAIN), represented by Mr Miguel Cruz Zambrano, R&D Director, or his authorized representative |

In addition, data can be transferred to a third country, specifically:

| COMPANY | ADDRESS |
|---|---|
| INSTITUT MIHAJLO PUPIN | VOLGINA 15, 11060, BEOGRAD (SERBIA), represented by Prof. Sanja Vranes, Director, or his authorized representative |

The adequate guarantees in relation to personal data protection are based on the standard clauses signed by the Responsible Party and the third party, adopted by the European Commission in the COMMISSION DECISION of February 5, 2010 regarding the standard contractual clauses for personal data transfer to those processing managers established in third countries, in accordance with Directive 95/46/EC of the European Parliament and of the Council.

Finally, the data may be transferred to administrations and public bodies for the fulfillment of obligations directly demandable of the Responsible.

5. RIGHTS

What are your rights when you provide us with your data?

The Responsible is committed to its duty to keep personal data secret, and it will adopt the legally foreseen and necessary measures, especially technical and organizational ones, to avoid the alteration, loss, treatment or unauthorized access, taking into account at all times the state of the art of the applicable technology.

At all times, you will have:

1. Right, in relation to treatments based on obtaining your consent, to withdraw or revoke it in accordance with the indications set out below.

2. Right to request access to personal data, and to obtain information about whether Feníe Energía is processing personal data that concerns you or not.

3. Right to request the rectification or suppression of inaccurate data or, where appropriate, request its deletion when, among other reasons, the data is no longer necessary for the purposes for which it was collected.

4. Right to request the limitation of its treatment, when any of the foreseen conditions is fulfilled, in which case the data will only be conserved for the exercise or defense of claims.

5. Right to oppose receiving commercial communications about similar products or services and profiles.

6. Right to data portability.

7. Right to obtain human intervention, to express your point of view and not to be the object of a decision based solely on automated processing.

You can exercise your rights by attaching a photocopy of your ID, passport or any other identification document to a request stating your petition, sent by:

- Written communication to Feníe Energía, S.A., address for the purposes of communications at Jacinto Benavente 2-B, ground floor, 28232, Las Rozas de Madrid (Spain); or

- Email to: [email protected].

Furthermore, you may submit a claim regarding the processing of your personal data to the competent authority for protection of personal data, in particular, where you have your residence or where the Responsible Person is located, namely, the Spanish Agency for Data Protection (AEPD), with VAT Q2813014D, and address at Jorge Juan, 6, 28001 Madrid (Spain), and telephone 0034 901 100 099, or on the web agpd.es.

_____________________

In XX, the XX XX of 2018

6. ICT SECURITY MEASURES

This part of the document deals with the ICT security measures to be used in the RESPOND project. As their full description will be addressed in task T5.5 Data protection and security measures, due in month 24, the following paragraphs are a summary of the measures already taken, as they are a key part of the solution designed.

6.1 BACK-END INFRASTRUCTURE

This section summarises the security measures taken into account regarding the back-end infrastructure of the RESPOND solution.

[Diagram labels: Sensors; Meters; Energy Assets; Actuators; Smart Mobile App; External systems (Aggregators, Weather Forecast); Home Automation (EnergoMonitor/Develco); Energy Gateway (OGEMA); Adapter (API); EMS Platform; DEXCell EM; Desktop Dashboard; Middleware (MQTT Broker); Analytic Services; Local Optimization; Production Forecast; Demand Forecast; Predictive Maintenance; Global Optimization; Semantic Repository; Optimized Control; Building Simulation; Historical Data TICK Stack; Input; Output; Management Interface; Stream Processing; Time Series DB]

Figure 3: RESPOND solution back-end infrastructure

The RESPOND platform infrastructure has been designed in a modular fashion, aimed at supporting a service-oriented architecture. As can be seen in Figure 3, the backend server contains the MQTT broker, which supports message exchange between the different components; the Historical data TICK stack, whose goal is storing and preprocessing the data; and finally the Analytic Services, where the core value of the RESPOND platform lies, with advanced data analysis and recommendations in place.

All the data will be anonymized, meaning that by simply looking into the measurements stored in the Time Series database (InfluxDB), it is not possible to identify the source of such information. The pilot responsible partners will be in charge of providing valid credentials for household occupants, which will allow them to access the RESPOND platform via web and mobile application.

RESPOND platform will employ standard security mechanisms which are commonly used in similar ICT systems:

• Hardware level security: RESPOND platform will be hosted in a physically protected environment with restricted access. The cloud server, which will host different components of the RESPOND system, will establish a high level of secure access for configuration and installation by using SSH with private key.

• Network level security: Different components of the RESPOND platform will communicate among themselves by employing standard encryption mechanisms for internet communication such as SSL/TLS. For wireless communication (e.g. communication between sensors and gateways), secured versions of wireless protocols will be used (ZigBee, Bluetooth, Wi-Fi, and proprietary Energomonitor encryption).

• Application level security: Communication with external services as well as internal RESPOND components will be established through a secure API with appropriate authentication and authorization procedures established. Users of the web and mobile application will be restricted to accessing only data that are related to their household.

6.2 DESKTOP FRONT-END

In the RESPOND framework, DEXCell Energy Manager, DEXMA’s software, has the role of Energy Manager desktop: an interface where the measured data from all the facilities in all the dwelling clusters are presented in order to support the Energy Manager in taking decisions regarding energy consumption and comfort levels.

Regarding the IT security of this solution, DEXCell, as a SaaS product, already has a well-prepared security policy, which is explained in the following section. The explanation is divided in two main parts: a) the data managed within the DEXCell platform, and b) the security measures that are currently carried out to protect it.

For further information about DEXMA security policy check the following brochure:

Figure 4: DEXMA front-end additional information 1

Figure 5: DEXMA front-end additional information 2

Application security

User access to DEXCell only requires a web browser able to process HTML and JavaScript; no additional plugins such as Java applets, Flash or ActiveX controls are required. Also, user passwords are stored in a one-way encrypted system, and forgotten passwords are reset by the user via an expiring URL sent by email. This email allows the user to identify himself/herself and set a new password. User sessions expire after 1 hour of user inactivity. In DEXCell, user roles and access can be configured to restrict access to specific functionalities and sites of the organization.

API access requires permanent token authentication, which is unique for each pair of API users and client accounts. Tokens can be revoked at any time, and the API access log is monitored. API usage is restricted to a certain number of requests (hourly and daily limits). Historical or semi-realtime data can be uploaded using a password-protected FTP server. A description of DEXCell’s API design security measures can be found in the next table.

| Sr. | Control | Compliance |
|---|---|---|
| 1. | Application interfaces which are accessible from zones with a lower security level shall be provided over a secure communication channel. | API access outside of the DMZ is performed with token-based authentication with rate-limit policies |
| 2. | Access to the application shall be authenticated using distinct user accounts for each API connected. If user level functions are provided, then each user must be authenticated. | An authentication token will be given to allow access to the application by each user. |
| 3. | The API must implement a proper error handler. Stack traces and other internal information such as code snippets, filenames, or internal IP addresses shall not be disclosed to the entity calling the API. | The API returns standard HTTP error codes (401, 403, 404, 422, 503, ...) and handles the errors and maps them to messages to deliver just the required information to deal with the error |

Table 6: DEXCell API design security items

DEXCell’s architecture has a modular design, making it a fully scalable SaaS. It has a fault tolerant architecture with a redundant service to guarantee data integrity. The infrastructure is secured by a DMZ (demilitarized zone), exposing only external-facing services to the public network. DEXCell’s general security items description and data management and protection measures can be found in the following tables.

| Sr. | Control | Compliance |
|---|---|---|
| 1. | All applications are responsible for complying with applicable laws and regulations. | DEXCell fulfils the EU General Data Protection Regulation as it is described here. |
| 2. | Production systems shall not use the same environment as stage, testing, development or pre-production systems. Each environment must have a dedicated purpose. | Different environments have been used for each purpose; the environments are in different datacentres. |
| 3. | All consumer facing web pages and mobile applications must contain a link to a privacy statement. | DEXMA provides a link to a privacy statement: https://www.dexma.com/about-dexma/dexma-legal-stuff/privacy-policy/ |
| 4. | Security devices (e.g. intrusion detection or intrusion prevention systems) shall be deployed to monitor traffic between networks. | Intrusion detection and prevention tools are deployed to DEXMA infrastructure in order to prevent intrusions. |
| 5. | The Cloud Service Provider must meet the Security Assessment and Testing Detailed Requirements for technical vulnerability management. | DEXMA’s cloud service provider meets the security assessment in order to prevent any vulnerability |
| 6. | Platforms deployed exclusively for internal use must be located in an internal only backend, and under no circumstances shall they be located in demilitarized zones (DMZs) or public frontends. | Internal use platforms are isolated in internal backends |
| 7. | All systems shall have appropriate anti-malware software installed and active. | All our infrastructure is Linux based |
| 8. | Security patches shall be tested in a test environment prior to deployment in production. | Every installation is tested in the staging environment before it is released to production. |

Table 7: DEXCell general security items

| Sr. | Control | Compliance |
|---|---|---|
| 1. | All processes that receive data input (both manual and automated) shall control and validate input data in terms of formatting, length and syntax. | All inputs are being validated by DEXMA’s system |
| 2. | All operations that modify data (e.g. update, delete, insert) shall ensure that there is no intermediate stage in the operation that can lead to data integrity problems. Either the operation is fully completed or it is not performed at all. | Modify operations that affect multiple objects are surrounded with transactions or alternative "programmatically handled" mechanisms when data is in different databases or managed by other applications |
| 3. | System critical data shall be transmitted along with checksums using strong hash functions to ensure data integrity during transmission. | In terms of data acquisition, we have integrations with multiple existing vendors and protocols. Whenever possible we use protocols that ensure data integrity |

Table 8: DEXCell data management & protection security items

Server security

A global cloud firewall allows only traffic routed to specific public IPs and ports, while each server has its own firewall software installed. Several security measures are implemented:

- IP addresses are banned after 5 failed login attempts.

- The access log is monitored to detect intrusions.

- Regular updates and security patches of the OS and software installed in all servers.

- 24x7 active monitoring with on-call duties by DEXMA’s operations team.

- 500+ active checks to monitor uptime and performance of production servers.

- The cloud infrastructure backend requires strong password validation and 2-step (two-factor) authentication in order to access the administration interface.
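
The first two measures in the list above (the ban after 5 failed logins and access-log monitoring) can be checked by replaying a log, as in the following added example. It is not DEXMA's implementation: the log format, the 10-minute counting window and the reset on a successful login are assumptions, and the log lines are constructed.

```python
"""Replay an access log and report which source IPs reach 5 failed logins."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

MAX_FAILURES = 5                 # threshold stated in the policy
WINDOW = timedelta(minutes=10)   # assumption: the policy gives no time window

# Assumed log format: "<ISO timestamp> <source IP> LOGIN <OK|FAIL> user=<name>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"LOGIN (?P<result>OK|FAIL) user=(?P<user>\S+)$"
)

# Constructed sample log (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
2019-03-01T10:00:00 192.0.2.10 LOGIN FAIL user=admin
2019-03-01T10:00:05 198.51.100.7 LOGIN FAIL user=alice
2019-03-01T10:00:20 192.0.2.10 LOGIN FAIL user=admin
2019-03-01T10:00:30 198.51.100.7 LOGIN FAIL user=alice
2019-03-01T10:00:40 192.0.2.10 LOGIN FAIL user=root
2019-03-01T10:00:50 198.51.100.7 LOGIN FAIL user=alice
2019-03-01T10:01:00 192.0.2.10 LOGIN FAIL user=root
2019-03-01T10:01:10 198.51.100.7 LOGIN FAIL user=alice
2019-03-01T10:01:20 192.0.2.10 LOGIN FAIL user=test
2019-03-01T10:01:30 198.51.100.7 LOGIN OK user=alice
2019-03-01T10:01:40 192.0.2.10 LOGIN FAIL user=test
this line is not a login record
2019-03-01T10:02:00 198.51.100.7 LOGIN FAIL user=alice
2019-03-01T10:05:00 203.0.113.5 LOGIN FAIL user=bob
2019-03-01T10:16:00 203.0.113.5 LOGIN FAIL user=bob
2019-03-01T10:27:00 203.0.113.5 LOGIN FAIL user=bob
2019-03-01T10:38:00 203.0.113.5 LOGIN FAIL user=bob
2019-03-01T10:49:00 203.0.113.5 LOGIN FAIL user=bob
"""


def find_bans(lines):
    """Return ({ip: time the ban triggers}, [numbers of unparseable lines])."""
    failures = defaultdict(deque)   # ip -> timestamps of recent failures
    banned = {}
    rejected = []
    for line_no, line in enumerate(lines, 1):
        line = line.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        try:
            ts = datetime.fromisoformat(match["ts"]) if match else None
        except ValueError:
            ts = None
        if ts is None:
            rejected.append(line_no)    # keep for review, never drop silently
            continue
        ip = match["ip"]
        if ip in banned:
            continue                    # already blocked at the firewall
        if match["result"] == "OK":
            failures[ip].clear()        # assumption: a success resets the count
            continue
        recent = failures[ip]
        recent.append(ts)
        while ts - recent[0] > WINDOW:  # forget failures older than the window
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            banned[ip] = ts
    return banned, rejected


if __name__ == "__main__":
    bans, bad_lines = find_bans(SAMPLE_LOG.splitlines())
    for ip, when in bans.items():
        print(f"ban {ip} at {when.isoformat()}")
    print("unparseable lines:", bad_lines)
```

In the sample, only the address with five failures inside the window is banned; the address that logs in successfully after four failures and the one whose failures are spread over 44 minutes are not.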

Database server policies include data replication in real time to multiple servers to guarantee high availability upon hardware or network problems. Also, full backups of all databases are done every 8 hours and daily backups are transferred to external servers. Backup security measures can be found in the following table.

| Sr. | Control | Compliance |
|---|---|---|
| 1. | Backup & recovery Process | DEXMA implements real time replication system in our databases allowing the service to be provided even in case of network failures or disk failures. Also, three snapshots every day are performed, and a rotating policy is applied in order to keep more snapshot density from most recent backups and less density of older backups up to 12 months of age. Recovery of a backup can be done in less than 1 hour and it is periodically tested in our pre-production environment once a day. |
| 2. | Disaster Recovery Process | In order to recover the full infrastructure, we would need to perform the following steps: 1- Create the servers and install required software (DBs, web servers, etc.) in each of them. 2- Install RESPOND applications. 3- Configure this RESPOND application to point to other applications, DBs and other backends. 4- Restore databases from backups. Steps 1, 2 & 3 are automated with configuration management tools. Step 4 is a manual process, fully documented, because it requires a user to choose the most appropriate snapshot to restore. Only authorized personnel have access to it. |

Table 9: DEXCell backup, recovery & availability security items

6.3 MOBILE APP

Regarding security, there are three topics to be taken into account: the secure communication channel, the trustability of the Certification Authority, and the personal data interchanged between the mobile app and the cloud server.

Secure communication channel

The access from the mobile app to the cloud will be done over an encrypted communication channel. For this purpose, a TLS certificate will be used.

Transport Layer Security (TLS) is the current encryption standard after Secure Sockets Layer (SSL) was broken. TLS is a standard security technology for establishing an encrypted link between a server and a client, in this case between the mobile app and the cloud server.

TLS certificates have a key pair: a public and a private key. These keys work together to establish an encrypted connection. The certificate also contains what is called the “subject,” which is the identity of the certificate/website owner.

TLS allows sensitive information such as login credentials to be transmitted securely. The data interchanged between the mobile app and the cloud server is sent in ASCII JSON format through REST API services. The TLS certificate encrypts this human-readable data format into encrypted data, which cannot be decrypted without the private encryption key.

The flow of data is the following:

1 - The server provides the public key to the client.

2 - The client uses the public key to encrypt the data and sends it to the server.

3 - The server uses the private key to decrypt the received data.

Figure 6: Mobile app security schema

Trustability of the certification authority

The TLS certificate is signed by a registered and well-known Certificate Authority (CA) that ensures that the certificate belongs to the company and server defined inside the certificate.

For the RESPOND Project within the server at IK4-Tekniker premises, the certificate will be signed by the CA DigiCert.

DigiCert Inc. is a multinational technology company focused on digital security and headquartered in Lehi, Utah with international offices in Australia, England, Ireland, Japan, South Africa and Switzerland. As a certificate authority (CA) and trusted third party, DigiCert provides the public key infrastructure (PKI) and validation required for issuing digital certificates or TLS/SSL certificates. These certificates are used to verify and authenticate the identities of organizations and domains and to protect the privacy and data integrity of users’ digital interactions with web browsers, email clients, documents, software programs, apps, networks and connected IoT devices.

Personal data interchanged between mobile app and cloud server

In the first request, the data interchanged between the mobile app and the server will be the user name and password. The server will provide a token for the following requests. This token will have an expiration time to limit how long data is exposed if security is compromised.

For the following requests, a security token approach will be used to comply with the Data Protection Regulation, so that users can only access the information related to themselves and their dwellings.

All data transmitted by the App is anonymized because it is only related to an ID. Private information related to the user, such as the address of the dwelling, will only be stored in the smartphone and this data will not be transferred to the cloud server.
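The login-then-token flow described above, sketched as an added example that is not part of the RESPOND deliverable or the project's code. The HMAC-signed token format, the 15-minute lifetime, the constructed account records and every function name are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # signing key, generated per process here
TOKEN_TTL_SECONDS = 900               # assumed lifetime; the policy states none
PBKDF2_ROUNDS = 100_000


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def make_user(password, dwellings):
    salt = secrets.token_bytes(16)
    return {"salt": salt, "pw": hash_password(password, salt),
            "dwellings": set(dwellings)}


# Constructed sample accounts, keyed by pseudonymous ID (no names or addresses).
USERS = {
    "u-1001": make_user("correct horse", ["dw-17"]),
    "u-2002": make_user("battery staple", ["dw-42"]),
}


def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def sign(payload_part):
    mac = hmac.new(SERVER_KEY, payload_part.encode(), hashlib.sha256)
    return b64e(mac.digest())


def issue_token(user_id, password, now=None):
    """First request: check the credentials, return a signed token or None."""
    now = int(time.time()) if now is None else now
    user = USERS.get(user_id)
    if user is None:
        return None
    if not hmac.compare_digest(hash_password(password, user["salt"]), user["pw"]):
        return None
    claims = {"sub": user_id, "exp": now + TOKEN_TTL_SECONDS}
    payload_part = b64e(json.dumps(claims, sort_keys=True).encode())
    return payload_part + "." + sign(payload_part)


def verify_token(token, now=None):
    """Return the claims of an authentic, unexpired token, otherwise None."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 2:
        return None
    payload_part, sig_part = parts
    # Check the MAC in constant time before parsing client-controlled data.
    if not hmac.compare_digest(sign(payload_part).encode(), sig_part.encode()):
        return None
    padded = payload_part + "=" * (-len(payload_part) % 4)
    try:
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:
        return None
    if not isinstance(claims, dict) or claims.get("exp", 0) <= now:
        return None  # expired tokens are rejected even when the MAC is valid
    return claims


def authorize(token, dwelling_id, now=None):
    """Following requests: allow access only to the token owner's dwellings."""
    claims = verify_token(token, now)
    if claims is None:
        return False
    user = USERS.get(claims.get("sub"))
    return user is not None and dwelling_id in user["dwellings"]
```

The token carries only the pseudonymous ID and the expiry; the mapping from ID to dwellings stays on the server, so a client cannot widen its own access by editing the token.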


7. OTHER ENTITIES RECOMMENDATIONS

This section encompasses several recommendations to be taken into account in the data life cycle management applied to the RESPOND project.

As explained previously, although the RESPOND project is fully aware of the key importance of handling data properly and preserving personal data, the project is not taking part in the Pilot on Open Research Data in Horizon 2020. It will nevertheless follow the EU Data Management Plan template to show how the project consortium intends to manage the data life cycle, along with the recommendations explained in the following paragraphs.

7.1 OPEN ACCESS

The beneficiaries of H2020 grants need to deposit all the scientific publications that are prepared in the framework of the research financed by this programme. In addition, the European Commission has launched a pilot that makes the deposit of research data mandatory within the framework of projects.

Open access means online access, without obstacles or cost to the end user, to peer-reviewed scientific publications and to research data. However, open access does not imply the requirement to publish (researchers are free to decide whether or not to publish). It does not interfere with the decision to commercially exploit research results (e.g. patent), as the obligation to deposit in open access occurs once the decision to publish has been made. Moreover, the publications are not of lower quality, because they are subject to the same peer review process as the commercial access publications.

The European Commission strategy regarding open access policies is to develop and implement a European open access policy while encouraging the development of open access state policies and contributing to the coordination of open access policies among the Member States.

The Open Science pilot represents a new approach to the scientific process based on cooperative work and new ways of knowledge distribution using digital technologies and new collaborative tools (OSPP) like open access to articles, open access to data, open software, open source, open peer-review, citizen science, etc.

All these initiatives leverage the Responsible Research and Innovation (RRI) key concept in H2020.

According to ARTICLE 29-DISSEMINATION OF RESULTS-OPEN ACCESS-VISIBILITY OF EU FUNDING, the beneficiaries must:

29.2 Open access to scientific publications

Each beneficiary must ensure open access (free of charge, online access for any user) to all peer-reviewed scientific publications relating to its results.

In particular, it must:

a) as soon as possible and at the latest on publication, deposit a machine-readable electronic copy of the published version or final peer-reviewed manuscript accepted for publication in a repository for scientific publications; Moreover, the beneficiary must aim to deposit at the same time the research data needed to validate the results presented in the deposited scientific publications.

b) ensure open access to the deposited publication — via the repository — at the latest:

(i) on publication, if an electronic version is available for free via the publisher, or

(ii) within six months of publication (twelve months for publications in the social sciences and humanities) in any other case.

c) ensure open access — via the repository — to the bibliographic metadata that identify the deposited publication. The bibliographic metadata must be in a standard format and must include all of the following:

• the terms [‘European Union (EU)’ and ‘Horizon 2020’][‘Euratom’ and ‘Euratom research and training programs 2014-2018’];

• the name of the action, acronym and grant number;

• the publication date, and length of embargo period if applicable, and

• a persistent identifier.

Furthermore, there exists a pilot to finance publications of FP7 projects called “OpenAIRE Towards a Competitive and Sustainable OA Market in Europe - A Study of the Open Access Market and Policy Environment”. This pilot was launched in 2015 with 4 million € to finance publications of FP7 projects completed in less than two years, with a maximum of three publications per project (research articles, monographs, book chapters, conference proceedings). https://www.openaire.eu/participate/deposit-publications-data


Figure 7: Open access to scientific publication and research data

7.2 RESEARCH DATA

Research data refers to information, in particular facts or numbers, collected to be examined and considered and as a basis for reasoning, discussion, or calculation. In a research context, examples of data include statistics, results of experiments, measurements, observations resulting from fieldwork, survey results, interview recordings and images. The focus is on research data that is available in digital form.


As explained before, there exists a Pilot on Open Research Data in Horizon 2020 that implies:

The objective is to ensure that the research data generated in Horizon 2020 projects are accessible with the least possible restrictions but protecting sensitive data from inadequate access. This pilot does not imply that all research data should be opened, but rather seeks to promote good data management, as a good practice. For example, in the following situations it is not necessary to keep data open:

• Protection of industrial property rights: protect results if commercial exploitation is planned

• Protection of personal data

• Confidentiality in relation to security matters

• The main objective of the project is compromised

• No data is generated in the project

• Other reasons to justify

It is possible to choose not to share data at different times throughout the life of the project.

29.3 Open access to research data

[OPTION for actions participating in the open Research Data Pilot: Regarding the digital research data generated in the action (‘data’), the beneficiaries must:

a) deposit in a research data repository and take measures to make it possible for third parties to access, mine, exploit, reproduce and disseminate — free of charge for any user — the following:

(i) the data, including associated metadata, needed to validate the results presented in scientific publications as soon as possible;

(ii) other data, including associated metadata, as specified and within the deadlines laid down in the ‘data management plan’ (see Annex 1);

b) provide information — via the repository — about tools and instruments at the disposal of the beneficiaries and necessary for validating the results (and — where possible — provide the tools and instruments themselves).

This does not change the obligation to protect results in Article 27, the confidentiality obligations in Article 36, the security obligations in Article 37 or the obligations to protect personal data in Article 39, all of which still apply.

As an exception, the beneficiaries do not have to ensure open access to specific parts of their research data if the achievement of the action's main objective, as described in Annex 1, would be jeopardised by making those specific parts of the research data openly accessible. In this case, the data management plan must contain the reasons for not giving access.]


8. DATA LIFE CYCLE MANAGEMENT

This part of the document summarizes what has been shown previously about data types, data protection policies (at both national and EU level), ICT security measures and recommendations.

As introduced before, creating a Data Management Plan (DMP) is encouraged. These plans are usually a deliverable or part of a deliverable within the project. A DMP is not a static document: it must evolve and gain precision during the project lifetime, and a new version is necessary whenever there are important changes in the project. The DMP not only indicates which data will be open and which will not, it also addresses these important aspects:

▪ What kind of data will the project collect or generate, and for whom can they be useful later?

▪ How data is generated or collected

▪ Criteria for data selection

▪ Relationship with the objectives of the project

▪ According to what standards, how will they be documented

▪ Who can access them

▪ Where and how will they be stored

▪ Where and how they will be shared and preserved in the long term

▪ How they will be made accessible

It is suggested to store the data along with metadata [19] information and associated documentation, algorithms, software and any other tools used. All this information must be managed in such a way that it can be reused in the future following the FAIR rule:

Figure 8: FAIR data diagram

[19] Metadata: structured descriptions of an information object whose purpose is to facilitate the tasks of description, recovery, management, preservation, access and use of objects. They make reuse in the future possible.


▪ Findable:

Persistent identifiers, metadata, keywords, uniform file nomenclature and well-identified versions are necessary. What is the data about? Who created them and why? In what formats are they available? The metadata answers these questions so that the data can be both found and understood, ideally according to the specific standards of their scientific discipline or field of work. The metadata schema is determined by the chosen repository, and it is very important to use unique identifiers to locate and cite datasets.

▪ Accessible:

What data will be accessible and how, and where both data and metadata (repository), software and tools will be located. It is also necessary to address how to share the data in terms of technical requirements, software, tools, open/restricted access and conditions of use. Moreover, the legitimate reasons why research data are not shared should be detailed in the Data Management Plan.

Regarding data conservation, it is key to select a repository [20] that preserves data, metadata and tools in the long term. The data can be used in the future only if, in addition to correct storage and backup copies, the software is properly preserved.

There are quite well-known repositories, for example Re3data (www.re3data.org) and Zenodo (www.zenodo.org).

▪ Interoperable:

To allow data to be exchanged between systems, repositories, etc., in the same discipline or among several, it is key to take care of the vocabularies, standards or standardized methodologies used.

▪ Re-usable:

Access, extraction, exploitation and reproducibility of data should be allowed. Restrictions, embargoes and conditions of access to data must be clearly stated along with the license used.

The use of open licenses recommended in the H2020 guidelines, such as CC-BY / CC-0, is endorsed.

The diagram below shows the general research data life cycle phases. Note that it is a continuous process in which the different aspects should be addressed constantly.

[20] Criteria for selecting a repository: https://www.openaire.eu/opendatapilot-repository


Figure 9: Research data life cycle. Source: http://www.data-archive.ac.uk/create-manage/life-cycle

The following sections have been developed following the Horizon 2020 guidelines (EC DG R&I, 2015) with additional guidance from the UK’s Digital Curation Centre (DCC), via the web resource DMP Online https://dmponline.dcc.ac.uk/, where the RESPOND project has created an account to create, update and store its Data Protection Plan.


8.1 ARAN ISLAND PILOT SITE

The table below summarizes the specific characteristics of the data life cycle management for the Aran Islands pilot site:

PILOT: ARAN ISLANDS (IRELAND)

Data Manager: COMHARCHUMANN FUINNIMH OILEAIN ARANN TEORANTA (ARAN)

Dataset description: Pilot electricity consumptions in dwellings: total, tumble dryer, heat pump, washing machine and electrical heater. Battery electricity consumption. Pilot comfort parameters in dwellings: temperatures in 3 rooms. Humidity in 3 rooms. CO2 in Livingroom. PV generation.

Acquisition procedure: ARAN have collected participants' information manually during individual visits. The data from the installed sensors are being collected automatically through the Develco and Energomonitor gateways and are being sent to the RESPOND server.

Data security (acquisition, transmission, storage and access): EU regulation + national law best practices

Personal data: All the personal data collected in the trials have been anonymized before sharing the information with the rest of the project partners. Only the data manager is able to link personal data with the anonymized data. For the proper performance of the project, mainly regarding engagement, some personal data is unavoidably needed.

Data privacy (acquisition, transmission, storage and access): EU regulation + national law best practices

Auditing: Company compliance reports + RESPOND platforms security measures and historical logs

Certifications and standards: GDPR. REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

Table 10: Aran Island pilot data management summary


8.2 AARHUS PILOT SITE

The table below summarizes the specific characteristics of the data life cycle management for the Aarhus pilot site:

PILOT: AARHUS (DENMARK)

Data Manager: AURA AS (AURA) & AALBORG UNIVERSITET (AAU)

Dataset description: Pilot electricity consumptions in dwellings: total, tumble dryer, dishwasher, washing machine. Pilot thermal consumptions in dwellings: total. Pilot comfort parameters in dwellings: temperatures in 4 rooms and 8 radiators. Humidity in 4 rooms. VOC in Livingroom. PV generation.

Acquisition procedure: AURA and AAU have collected participants' information manually during workshops and surveys. The data from the installed sensors are being collected automatically through the Develco gateways and are being sent to the RESPOND server. The PV production is being gathered from the ALBOA PV website through a web scraper implemented by IMP.

Data security (acquisition, transmission, storage and access): EU regulation + national law best practices

Personal data: All the personal data collected in the trials have been anonymized before sharing the information with the rest of the project partners. Only the data manager is able to link personal data with the anonymized data. For the proper performance of the project, mainly regarding engagement, some personal data is unavoidably needed.

Data privacy (acquisition, transmission, storage and access): EU regulation + national law best practices

Auditing: Company compliance reports + RESPOND platforms security measures and historical logs

Certifications and standards: GDPR. REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

Table 11: Aarhus pilot data management summary


8.3 MADRID PILOT SITE

The table below summarizes the specific characteristics of the data life cycle management for the Madrid pilot site:

PILOT: MADRID (SPAIN)

Data Manager: FENIE ENERGIA (FEN)

Dataset description: Pilot electricity consumptions in dwellings: total, air conditioned, dishwasher, washing machine. Pilot water consumptions in dwellings: DHW (both hot and cold). Pilot comfort parameters in dwellings: temperatures in kitchen, Livingroom and bedroom. Humidity in kitchen and Livingroom. CO2 in Livingroom. Thermosolar generation and temperatures. Common areas electricity consumptions

Acquisition procedure: FEN have collected participants' information manually during individual visits. The data from the installed sensors are being collected automatically through the Energomonitor gateways and are being sent to the RESPOND server. The Thermosolar measures are being collected through the OpenMUC application implemented by TEK. The water consumption is being gathered from the meter company's website through a web scraper implemented by FEN.

Data security (acquisition, transmission, storage and access): EU regulation + national law best practices

Personal data: All the personal data collected in the trials have been anonymized before sharing the information with the rest of the project partners. Only the data manager is able to link personal data with the anonymized data. For the proper performance of the project, mainly regarding engagement, some personal data is unavoidably needed.

Data privacy (acquisition, transmission, storage and access): EU regulation + national law best practices

Auditing: Company compliance reports + RESPOND platforms security measures and historical logs

Certifications and standards: GDPR. REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

Table 12: Madrid pilot data management summary


8.4 RESPOND AS A WHOLE DMP

In summary, the data management cycle of the RESPOND platform backend can be divided into the following steps:

1. Data acquisition and capture: comprises collection and storage of data obtained by sensors and smart meters deployed in pilot households, collection and storage of data obtained by public weather and energy pricing services, as well as input of relevant data necessary for the operation of the RESPOND platform.

2. Data backup and recovery: In order to ensure continuous operation of RESPOND, frequent backups of the stored data will be performed in an automated manner and stored on a separate backup system which is physically secured and only accessible by authorized personnel.

3. Data management and maintenance: This is the process by which accurate data is made available in real time for use and publication. In RESPOND, the analytic services will process and combine available data to provide value to the end users via the mobile and web applications.

4. Data retention and destruction: All the collected data, as well as the data provided by analytic services, will be retained as long as it is necessary for the project. Before destroying data, it will be confirmed whether there are any policies in place that would require the data to be retained for a certain period of time.

8.4.1 CLASSIFICATION OF DATA AVAILABILITY

Data availability is therefore categorized at this stage in one of three ways:

▪ Open: data that is shared for re-use or that underpins a scientific publication.

▪ Consortium: confidential data that is accessible to all partners, but retained within the consortium and subject to the project Non-Disclosure Agreement (NDA).

▪ Private: data that is maintained by an individual partner for their own purposes.

Much of the data gathered by the project is for the purpose of project management and delivery rather than new knowledge creation; it is therefore likely that much of the data is categorized as Consortium. However, the project will seek to openly disseminate its research findings, except in cases where there are defined exploitable outcomes or privacy concerns, or where there would be a high administrative burden for a dataset or limited worth to other users.

8.4.2 COPYRIGHTS LICENSES

When material is widely shared, copyright licenses protect the authors of work and grant specific rights to publishers and others to use this work. The European Commission encourages authors to retain their copyright whilst disseminating it as open access. Creative Commons provides legal tools to enable open access in these circumstances, with CC-BY (Creative Commons Attribution International license) and CC0 (Creative Commons No Rights Reserved license) enabling re-use by third parties. Where research findings are published in a journal or other scientific outlet there should be consideration of the copyright agreement with the publishers, which may involve an embargo period. At this initial stage it is not possible to define the copyright arrangement for each project dataset. The most appropriate licensing arrangements for each of the project datasets will be investigated as they are better characterized by their respective work packages and the WP7 Dissemination and Exploitation Activities. The final data management plan will be updated to that effect.

8.4.3 DATA STORAGE AND SHARING

The project has several main data storage and sharing facilities according to the type of data and its intended accessibility.

▪ Private: Stored locally on organizational networks and assets, subject to institutional back up practices.

▪ Consortium: FEN manages a Google drive space which is secure, robust and accessible to all partners. Consortium data will be uploaded to this cloud storage for simple, secure access for all partners from within a web browser. Data is maintained with regular offsite backups.

▪ Open: Three facilities will be used during the project.

i) The project website http://project-respond.eu/, managed by DEXMA, will be the first point of contact for public dissemination. It will host project technical reports and other materials such as events listings, blog articles, images, videos, links to partner organizations and related projects.

ii) Researcher partners will make scientific publications indefinitely accessible and discoverable in the mode of “green” open access publishing if possible.

iii) Depositing the datasets generated during the project lifetime in an open data repository, e.g. Zenodo, is under assessment.

8.4.4 DATASETS TEMPLATE

The datasets below are described using the following template, which is based upon the Horizon 2020 Initial DMP template provided by the UK’s Digital Curation Centre (DCC) via the web resource DMP Online https://dmponline.dcc.ac.uk/. Information about each dataset has been collated by Task Leaders in the format presented below.

DATASET XXX (+related task)

WP / Task & Data Manager: Work Package and/or Task numbers related to the dataset, and the Data Manager who takes responsibility.

Dataset name/description: Dataset name or description

Availability: Private, Consortium or Open

Mandatory Metadata: European Union; H2020; Integrated Demand REsponse SOlution Towards Energy POsitive NeighbourhooDs; RESPOND; GA 768619

Dataset Specific Metadata: Keyword(s) that categorize data to make it linked/searchable

Data set description: Data description, origin, nature, scale, if it underpins a publication, who useful to, existence of similar data, possibilities for reuse.

Standards: Reference to existing standards in topic area governing data collection, aggregation, storage and sharing.

Data sharing: How the data will be shared, identification of repository, existence of embargo period if any, identification of software or tools necessary for reuse.

Archiving and preservation (storage/backup): The procedure for long-term preservation, length of preservation, an estimation of costs and how this will be covered.

Table 13: Datasets template

8.4.5 PROJECT DATASETS

This is a preliminary version of the Data life cycle management policy, taking into account that task T7.3 Data life cycle management ends in month M36 and the deadline for this preliminary deliverable is month M18. Moreover, as the RESPOND project is not under the obligations of the Open Research Data in Horizon 2020 pilot deadlines, it is intended to finish the characterization of all the datasets during the next months, as well as to finish filling in the DMP Online as explained before. The complete list of datasets will be available in this section in the final version of this policy deliverable.


9. CONCLUSIONS

Throughout this deliverable, the data life cycle management policies necessary to safeguard at all times both the privacy of the trial participants in the pilot sites and the information in the ICT-related environment against unauthorized access have been addressed.

It is important to note that this is a preliminary version of the policies to be used in the RESPOND project, and therefore this document must be updated with the work done during the second half of the project’s lifetime. Some sections will be rarely updated as they refer to more static information, like country policies on data management, and others will be more dynamic as they refer, for instance, to the datasets used in the project reflected in the Data Management Plan, which should be defined in the next month.

The first section of the deliverable makes a clear distinction between sensitive and non-sensitive data. During the project, only the pilot site coordinators will know personal data such as names, addresses and contact details for engagement purposes, while all the information shared between the project’s partners will be anonymized and of a non-sensitive nature.

Next, a summary of the special data protection policies in each of the three countries hosting a pilot taking part in the project, namely Ireland, Denmark and Spain, has been introduced. This section is followed by a general overview of data protection measures across Europe, mainly concentrated on the new GDPR, which entered into force in May 2018 and which all EU members are obliged to fulfill in addition to their national policies.

A specific application of this regulation to the project has been explained in detail in the RESPOND GDPR approach section. Fenie Energía as the coordinator is the Data Responsible according to the policy and the rest of the partners are able to access data as Treatment Managers. These relationships are written in specific contracts among the partners.

Regarding ICT security, the measures already designed and implemented have been described in this deliverable: although the specific ICT security task actually starts after the deadline for this document, it is key to secure data from the first day. Some recommendations regarding Open Access and the research data pilot, as encouraged by the EC in the H2020 framework, have also been addressed.

Finally, the last section of the document makes up the Data Management Plan to be fulfilled in the project, where everything is defined; the only pending issue to be developed during the second half of the project is to fully define the datasets used and to enter that information in the selected DMP Online tool.


REFERENCES

RESPOND DOCUMENTS

D5.5 Data protection and security

EXTERNAL DOCUMENTS