v-sign Mind the GAP - Online training on research integrity
home-icon
  • checkmark General Data Protection Regulation (GDPR)
  • checkmark Who’s involved?
  • checkmark How to comply with the GDPR?
  • checkmark Measures to protect privacy
  • checkmark Risk assessment

How to comply with the GDPR?

jumping-icon base

How to comply with the GDPR?

mindthegap

There’s a lack of transparency when there is no information letter for the participant, or the information letter is very unclear.

mindthegap

The participants need to understand the scope of the research and be aware of how their data will be processed. If the participants have questions on this or they want to launch a complaint, it is important they are also informed in the information sheet on who they can contact in this matter.

You are obliged to process personal data in a transparent manner with respect for all applicable laws, regulations and rules. You also need a legal basis before collecting and processing personal data and you have to inform the data subjects about this legal basis and why you will collect and process these specific personal data (e.g. in an information sheet). The data subjects have certain rights which they can assert regarding the processing of their personal data.

Records of processing activities

In order to keep an overview of the processing of personal data within the research and to meet the legal obligation to document, you have to fill in the “records of processing activities” (GDPR Register) of your institution. You complete the questions in the register before the start of your research processing activities and you keep it up to date during your research. The questions in the GDPR Register focus on the processing of personal data and the compliance with the GDPR-requirements in your research.

mindthegap

When to think about this?

The GDPR is applicable to the processing of personal data throughout the entire research lifecycle. Because there are some important requirements prior to working with personal data, most of these requirements will be integrated in the design of the research (privacy by design). In the design phase of your research, usually you reflect on the substantive and methodological aspects of it.

During your research, these requirements will change along with your research data and your research design. So it’s very important to keep this up to date.

Processing of personal data fits within research data management, conceived in a broad sense.

When these principles are applied to the research life cycle, this results in the following overview of points of attention and ‘to do’s’

Previous page Next page