Article 22, Rulebook
1. The Commission shall adopt delegated acts in accordance with Article 32, supplementing this Regulation by establishing a rulebook laying down:
(a) appropriate information requirements to ensure that data subjects and data holders are provided, before a consent or permission for data altruism is given, with sufficiently detailed, clear and transparent information regarding the use of data, the tools for giving and withdrawing consent or permission, and the measures taken to avoid misuse of the data shared with the data altruism organisation;
(b) appropriate technical and security requirements to ensure the appropriate level of security for the storage and processing of data, as well as for the tools for giving and withdrawing consent or permission;
(c) communication roadmaps taking a multi-disciplinary approach to raise awareness of data altruism, of the designation as a ‘data altruism organisation recognised in the Union’ and of the rulebook among relevant stakeholders, in particular data holders and data subjects that would potentially share their data;
(d) recommendations on relevant interoperability standards.
2. The rulebook referred to in paragraph 1 shall be prepared in close cooperation with data altruism organisations and relevant stakeholders.
Understanding Cybersecurity in the European Union.