Element 76Element 74Element 77Element 73 Element 73

Legal expertise
for the benefit of the railways

Data Protection

Data protection issues in international carriage by rail have become increasingly prominent since the entry into force of the EU’s General Data Protection Regulation (GDPR). CIT sees itself as a competence centre for railway undertakings in data protection issues.

Next events

 <  November 2020  > 

Mo
Tu
We
Th
Fr
Sa
Su

26

27

28

29

30

31

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

1

2

3

4

5

6

Experts Group Data Protection

The Data Protection Group of Experts handles all matters connected with application of the EU General Data Protection Regulation (GDPR) in respect of international carriage by rail. It draws up standards for railway undertakings, shares best practice, and weighs up the impact on CIT members of decisions taken by the authorities.

Documents

MDP Dec. 15, 2019
Jan. 8, 2020

Manual on Data Protection for Transport Undertakings (MDP)

The Manual on Data Protection for Transport Undertakings (MDP) provides CIT members with an introduction to the general principles of data protection, as well as more detailed explanations on specific points of interest for transport undertakings. It includes the CIT Guidelines on Protection of Privacy and Processing of Personal Data used in International Passenger Traffic by Rail, the commentary to the articles of the GDPR with summaries of decisions and rulings and the answers to questions raised by CIT members, examples of “good practice” clauses and boilerplate contracts on data processing

 

Applicable with effect from 15 December 2019 / Edition 15 December 2019

92 pages

 

GDP CIT
July 1, 2019

CIT Guidelines on Protection of Privacy and Processing of Personal Data used in International Passenger Traffic by Rail

The present Guidelines are of recommendatory non-binding nature and are primarily designed for the CIT Members established in the European Union (EU) or offering services to natural persons in the EU. The Guidelines present an overview of the main notions and principles applicable to personal data protection and privacy in the EU as established by the Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

Applicable with effect from 1 July 2019 / Edition 1 July 2019

54 pages

Appendix 1: CIT Model Data Processing Contract
Appendix 2: CIT Model Data Processing Contract, Appendix […] to the Agreement concluded on […]

 

GDP CIT
Oct. 1, 2018

CIT Guidelines on Protection of Privacy and Processing of Personal Data used in International Passenger Traffic by Rail

The present Guidelines are of recommendatory non-binding nature and are primarily designed for the CIT Members established in the European Union (EU) or offering services to natural persons in the EU. The Guidelines present an overview of the main notions and principles applicable to personal data protection and privacy in the EU as established by the Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

Applicable with effect from 1 October 2017 / Edition 1 October 2018

40 pages

Appendix 1: CIT Model Data Processing Contract
Appendix 2: CIT Model Data Processing Contract, Appendix […] to the Agreement concluded on […]

 

1-Amendment GDP CIT
Oct. 1, 2018

CIT Guidelines on Protection of Privacy and Processing of Personal Data used in International Passenger Traffic by Rail

The two new boilerplate contrats for the processing of data and the point 11.4 of the GDP CIT were adopted by the CIV Committee in June 2018.

Applicable with effect 1 October 2017 / Edition 1st October 2018

40 pages

Appendix 1: CIT Model Data Processing Contract
Appendix 2: CIT Model Data Processing Contract, Appendix […] to the Agreement concluded on […]

Note
June 29, 2020

Older versions can be obtained from the CIT General Secretariat.