| No. | Criteria (descriptions available) | Yes/No |
|---|---|---|
| 1 | Evaluation or scoring | No |
| 2 | Automated-decision making with legal or similar significant effect | No |
| 3 | Systematic monitoring | No |
| 4 | Sensitive data or data of a highly personal nature | No |
| 5 | Data processed on a large scale | Yes |
| 6 | Matching or combining datasets | No |
| 7 | Data concerning vulnerable data subjects | Yes |
| 8 | Innovative use or applying new technological or organisational solutions | Yes |
| 9 | When the processing in itself "prevents data subjects from exercising a right or using a | No |
| DPIA likely to be required | No |
Comment: data about NROs, institutions and locations doesn't contain data about children. Logs contains IP and MAC address and GÉANT don't have way to identify users without information form IdPs and SPs. Data about end users are processed in encrypted form and are not available to GÉANT.
5. In 2017. the eduroam AuthN system recorded more than 834 million international authentications.
7. Personal data of children are processed, but in encrypted form not readable to GÉANT.
8. Innovative organisational solutions are used. Common eduroam policy has been applied in large number of federations around the world (usually countries (as of May 2018 86).