Cosgrove Surname Project

  • 111 members


GDRP Compliance

As many of you know, the European Union implemented the GDRP privacy protection law on 25 May 2018.  Its a far reaching law that is designed to protect the privacy of European Union citizens.  Its far reaching because it does impact genetic genealogy research efforts and DNA projects such as this one.  To comply with GDRP requirements, Family Tree DNA is requiring Project Administrators to abide by new protocols for how they manage their DNA projects.  The International Society for Genetic Genealogy has recommended that all project administrators post the following do's and do not's as well as a privacy statement:

Cosgrove Surname Project Privacy Statement:

As Administrator of the Cosgrove Surname Project, I give priority to protecting your privacy and to the confidentiality of your personal data. In particular I will not publish your full name, e-mail address or other contact details, or share this information with any other project member or other person or organisation without your specific written approval (standard practice is to email you and retain a copy of your response on file).

The only personal data we hold is that relevant to meeting the published goals of our Project, and which has been made available to us by Family Tree DNA, in the same format as they make it available to you, or which you have given us direct by e-mail or by post. We hold this data indefinitely or until you request its deletion.  You may also request a more updated version direct from the Project Administrator.   Specific personal information that is retained strictly in support of the project's goals are:

- Y-DNA STR and SNP results recorded under each Kit# (such as those displayed by FTDNA on our project webpage).
- Information provided by project members regarding the Cosgrove ancestors within their pedigrees (gained from your postings or direct emails to me).

I do not retain personal information such as email addresses, mailing addresses, or phone numbers (there is no need for this in my opinion).  

We will be pleased to correct any errors in your personal data that you bring to our attention.At your request at any time we will promptly remove your data from our project files. However we cannot retrieve data thathas previously been posted in the public domain.In our administration of this project we endeavour to comply with the most recent guidance issued by ISOGG( and by FTDNA (,and with the Genetic Genealogy Standards(

I endeavor to respond promptly to any queries or complaints you may make about my handling of your personal data for this Project. However you should be aware that some of your concerns may be better forwarded direct to Family Tree DNA. 

Bob Cosgrove (

Do's as your Project Administrators:
- I am committed to protecting your privacy and your personal data
- All project members should be aware that you should contact Family Tree DNA directly about any issues regarding access, updating, query, or complaints about personal data and consents unless your concerns are only relevant to our project; in those cases, we can handle the issue for you.
- Please email me directly if you have any questions, issues, or concerns; I will respond to your queries as quickly as possible without undue delay.

- I DON’T release the name, e-mail address or other contact details of any project member, or any guarded DNA test results, to other project members or to anyone else without specific written permission. 
- I DON’T keep contact details and DNA test result data on same file (I do not retain any contact details in any files). 
- I DON’T reproduce FTDNA Matches pages without redacting first names (currently, I have not have had to make copies of project members' match pages and don't foresee a need to in the future), though I have made copies of my own match page). 
- I DON’T delay replying to queries by project members by more than a month (I try to respond within 1-2 days unless I am on vacation which could be a delay up to about 10 days or so). 
- I DON’T retain data on members who have asked to be removed from your project. 
- I DON’T regard your GDPR precautions as a “one-off”: they will need regular review.

What do I do with your STR and SNP results and the information you provided about your pedigree?  I am using STR and SNP results to build Y-DNA mutation trees to figure out how male project members are related to one another.  This enables me to identity a common ancestor among Y-DNA matches, the time that common ancestor may have lived, and how your particular Cosgrove line is connected to the ancient Irish clans; efforts consistent with our project goals.   I use the pedigree information to keep track of where each member's line originated from in hopes of connecting project members together.  For instance, if two project members can trace their  Cosgrove family lines back to Limerick, there is a chance they may be recently or distantly related to one another.  I would contact each person individual via email or through a posting on our project's activity feed to see if they have a desire for me to put them in contact with one another.  That is the only reason I retain pedigree information and the only way I use it.