GDPR: What are the basic principles?
The General Data Protection Regulation (GDPR) is based on six basic principles that you must take into account when processing personal data.
Basic principles
1. Lawfulness, fairness and transparency
You are obliged to process personal data in a transparent manner with respect for all applicable laws, regulations and rules.
- lawfulness means that you collect and process data on a legal basis.
- fairness means that your processing of personal data is in the interest of the person about whom the data is concerned and that the extent of the processing can reasonably be expected by the person.
- transparency means that you clearly communicate what, how and why you process personel data,
2. Purpose limitation (finality and proportionality)
You may only process personal data for the purpose of your research, and the processing must be reasonable and proportionate to the purpose of your research. The data may also (in principle) not be processed further once that purpose has been achieved.
3. Data minimisation
You may only use the personal data necessary to achieve the objectives of your research.
4. Accuracy
The personal data that you process must be accurate.
5. Storage limitation
The personal data that you process may not be kept longer than necessary for your current research or for possible further analyses of the data. You will need to establish a storage period/retention period or criteria for the personal data; this retention period should be limited to what is necessary and in accordance with the original purposes. However, in the context of scientific research, personal data may be kept for a longer period, given that appropriate technical and organisational measures are taken to protect the rights and freedoms of the data subject.
6. Confidentiality and integrity
As a researcher you must handle personal data confidentially and take appropriate measures to guarantee the confidentiality and integrity of the data so that the data are protected against unauthorised or unlawful processing and against accidental loss, destruction or damage.
Accountability
The general principle of accountability also applies in this context. You must be able to demonstrate compliance with the principles above.
For this, it is important to ask yourself the following questions: at the start of my research, did I thoroughly consider and document the privacy aspects of my research, and am I able to demonstrate that I have actively taken responsibility for processing personal data in a secure manner?
More information
More tips
- GDPR: Can I share research data with personal data with other researchers or institutions when my research project has ended? (Research integrity & ethics)
- GDPR: how can I ensure that the processing of personal data is lawful? (Research integrity & ethics)
- GDPR: how do I protect my data correctly? (Research integrity & ethics)
- GDPR: how do I register personal data processing activities? (Research integrity & ethics)
- GDPR: how long may I store research data containing personal data? (Research integrity & ethics)
- GDPR: how to be transparent to data subjects in my research? (Research integrity & ethics)
- GDPR: what are personal data? (Research integrity & ethics)
- GDPR: what are some things to consider when processing personal data from minors? (Research integrity & ethics)
- GDPR: What are the different roles and responsibilities according to the GDPR? (Research integrity & ethics)
- GDPR: What do I need to think about when transferring personal data to third countries or international organisations? (Research integrity & ethics)
- GDPR: What do I need to think about when using a mailing list in the context of my research? (Research integrity & ethics)
- GDPR: what has changed with regard to the previous privacy legislation? (Research integrity & ethics)
- GDPR: What information should I include in an informed consent form when the processing of personal data is based on the consent of the data subjects? (Research integrity & ethics)
- GDPR: what is the General Data Protection Regulation? (Research integrity & ethics)
- GDPR: What rights do data subjects have, how do I respect them and what exceptions may apply to research? (Research integrity & ethics)
- GDPR: what should I do in case of a data breach? (Research integrity & ethics)
- GDPR: What should I do in the event of further/secondary processing of personal data? (Research integrity & ethics)
- GDPR: What should I keep in mind when designing my research? (Research integrity & ethics)
- GDPR: what should I keep in mind when processing special categories of personal data? (Research integrity & ethics)
- GDPR: What should I think about when I collaborate with others or share my data? (Research integrity & ethics)
- GDPR: When am I processing high-risk personal data and when do I need to conduct a DPIA? (Research integrity & ethics)
- GDPR: when does it apply to my research? (Research integrity & ethics)
- GDPR: who are considered to be vulnerable persons? (Research integrity & ethics)
- GDPR: why is it important to comply with this legislation? (Research integrity & ethics)
- Qualtrics: how do I use this survey tool? (Research integrity & ethics)
Translated tip
Last modified March 6, 2024, 9 a.m.