12.1 What personal data may be included in the application documents, including the self-evaluation and the annexes?

Higher education institutions are subject to the General Data Protection Regulation (GDPR). In addition, the Data Protection Act of the respective Federal States applies to state higher education institutions; the Federal Data Protection Act applies to private higher education institutions. As the responsible bodies, the higher education institutions must check whether the transfer of personal data contained in the application documents, in particular in CVs, to the German Accreditation Council is lawful. They must also carry out the necessary data protection clarifications. They must confirm both when submitting the application in the electronic application processing system ELIAS.