Home>Support>Data protection

Data protection

Data processing at Sciences Po falls within a French and European legal framework for data protection (RGPD, General Data Protection Regulation). Its objective is to strengthen the rights of individuals and to empower the controller and processor making personal data processing.

Take advice from the Sciences Po Data protection officer

Teachers can find advice individually from the DPO of Sciences Po Nawale Lamrini, on their issues related to the management of personal data and respect for privacy. To do this, contact the DPO department at dpo@sciencespo.fr.

understand key concepts

The data processing at Sciences Po has to comply with the French and European legal framework for data protection (especially the General Data Protection Regulation, named “GDPR”). It aims to strengthen people's rights and empower data actors.

You are involved because of three reasons:

  • Your data is processed by Sciences Po and its partners who run or contribute to your studies and student life;
  • You want to collect, access, share the data of other people, especially those of your students;
  • You ask students, in the context of academic works, to implement new personal data processing.

Personal data is any information that directly identifies (name, surname, email address, etc.) or indirectly (phone number, IP address, etc.) a person.

A personal data processing is an operation (or several operations) made on personal data. This ranges from simple data collection to transformation or dissemination.

Managing tuition data, implement a survey, update a contact database, sharing personal data on a website or to a third party are examples of personal data processing, as for the law.

A data controller implements data processing by committing to its right compliance with the law.

Any processing of personal data must be lawful and fair. Information on the processing of these data must be easily accessible and formulated in such a way that it makes easier understanding.

When needed, the consent must be given by voluntary, clear and free act by the data subject who agrees in a specific, informed and unequivocal way to the processing of its personal data.


  • Computers, mobile phones, tablets, etc. : same fight !
  1. Encrypt your equipment (Learn more about encryption on the CNIL website)
  2. Accept updates (antivirus, firewall, OS, applications)
  3. Do not connect suspicious removable devices to your devices
  4. Put on stand by your equipment in case of absence
  5. Always disconnect from public computers
  • Your password is in good hands: yours
  • Separate your Sciences Po password from passwords used in your private life and choose one for each digital account
  • Never write your password and never share it with anyone
  • Never save your passwords in your browser
  • Use your Sciences Po account firstname.lastname@sciencespo.fr to exchange with the administration
  • Do not collect or disseminate the personal data of other students, teachers or staff without their consent
  • Respect and obtain copyright and image rights before reuse of content found on the web
  • Anonymize your surveys or comply with the GDPR obligations


When you carry out questionnaires as part of your teaching, you must learn how to inform, obtain the consent of the participants, and comply with European data protection regulations.

Teachers, you are invited to contact your DPO at dpo@sciencespo.fr to be accompanied in your compliance procedures.

If you need to process personal data for academic purposes, and that the data processing is not planned within the Sciences Po IT environment, you need to comply with the law. Contact the DPO department in dpo@sciencespo.fr. Your Data Protection Officer may contact you to accompany you.

Your students are also subject to the declaration of the processing of personal data. Encourage them to complete the legal formalities beforehand.

The implementation of new data processing requires questioning the possibility to "generate a high risk" for the data subjects.

Evaluate the risks raised by your data processing using the document "Is a risk analysis necessary?" (GDoc on authentication) and promote the tool to your students.

Within the frame of academic works, when the processing of personal data, taking into account its nature, scope, context and purposes, is likely to generate a high risk for the rights and freedoms of natural persons, it is expected that the teachers write, before processing, an analysis of the impact of the data processing operations on data subjects (DPIA), and share it to the Data protection officer. The students who implement sensitive data processings within the frame of their academic works have also to write a DPIA and submit to their teacher, who organize those academic works

Use the Data Protection Impact Analysis (AIPD) model (GDoc on authentication, FR).

If you think you are a victim of hacking, renew the compromised identifiers and report the incident to the people or organizations concerned (your institution, bank, tax center, Internet access provider, etc.).

In case of data breach, immediately contact cnil@sciencespo.fr and sos@sciencespo.fr.