Data protection
In pursuit of its international protection and solutions mandate, UNHCR is often required to process personal data of individuals including persons of concern, UNHCR personnel, donors, suppliers partner staff visitors and others.
It is essential that evidence-based programming incorporate rigorous personal data protection and privacy standards from the outset, specifically during the design phase. Establishing clear, agreed-upon and transparent objectives is central to the incorporating such personal data protection and privacy standards.
UNHCR’s General Policy on Personal Data Protection and Privacy establishes a unified data protection and privacy framework for the Organization, and includes data protection and privacy standards, the rights of data subjects, roles and responsibilities for personal data processing, and processes for the exercise of data subject rights and for complaints and redress requests by data subjects. These are implemented through context-specific UNHCR guidance documents (“implementing instruments”) which concretely operationalize the data protection and privacy standards for particular UNHCR activities, operations and processes.
UNHCR maintains a comprehensive internal repository that includes relevant instruments, materials, and tools. Additionally, it offers a dedicated external webpage that provides access to available instruments, materials, and tools.