Personal Data Protection

As a public institution, EPFL aims at being an exemplary organisation. Transparency is a core EPFL value and we are committed to building strong and sustainable relationships with our stakeholders.

We are convinced that the protection of personal data is not a constraint to be respected but a means and an opportunity to strengthen citizens’ confidence in science


EPFL processes a large quantity of personal data and attributes great importance to data protection and to privacy. We know that when a third party entrusts personal data to us, it is relying on us.

This section will help you to find the main information about personal data protection, such as definitions, key principles or rights you can exercise as natural person

Some general definitions about personnal data, data controller, data processor, etc.

What is important when processing personal data is to keep in mind the fundamental principles of the law.

One fundamental right of the Data Protection Laws (FADP and GDPR) is the access right.

EPFL processes a large amount of personal data and attributes great importance to data protection.

Training staff on data protection is one of the DPO’s key activities.

In practice

In this section you’ll find some concrete examples and best practices adapted to EPFL.

The Guidelines for research involving personal data.

You will find various examples that you may face, as well as best practices to adopt.

Other sections

In this page you will understand the role of the Data Protection Officer (DPO) at EPFL