GDPR: what has changed with regard to the previous privacy legislation?
Although the main components of the previous privacy legislation are largely retained, the General Data Protection Regulation (GDPR) also introduces a number of important changes.
1. Accountability
The former 'obligation to report' to the privacy commission was replaced with 'accountability' whereby you as the researcher must document the processing of personal data in your research in a register provided by the institution or organisation.
2. Data Protection Officer
Institutions and organisations must appoint a data protection officer to coordinate and monitor the implementation of the GDPR.
3. Data Protection Impact Assessment
When the processing of personal data in your research involves a probable high-risk processing (such as the processing of sensitive data, profiling, systematic monitoring, combining data sets, use of new technologies, etc.), you as the researcher must perform an additional risk analysis (data protection impact assessment).
4. Data security
When processing personal data, you as the researcher must meet higher data security requirements by using encryption and pseudonymisation.
5. Informed consent
As the researcher, you must meet new, stricter standards for informed consent if the processing of personal data is based on this legal basis.
6. Lawfulness
You must make the lawfulness or legal basis for the processing of personal data known to the data subjects in a clear and transparent manner.
7. Notification obligation
If there is a breach with regard to personal data, you must report this as quickly as possible.
8. Transfer of personal data
If your research involves the transfer of personal data outside the European Economic Area (EEA) you will have to comply with the new GDPR guidelines.
9. Data Protection Authority
The Data Protection Authority (DPA) will be given the opportunity to carry out inspections and impose fines.
10. Data subject rights
In your research you will have to take into account the extended rights of data subjects, such as 'the right to be forgotten' or right to erasure' and the right to data portability.
More information
More tips
- GDPR: Can I share research data with personal data with other researchers or institutions when my research project has ended? (Research integrity & ethics)
- GDPR: how can I ensure that the processing of personal data is lawful? (Research integrity & ethics)
- GDPR: how do I protect my data correctly? (Research integrity & ethics)
- GDPR: how do I register personal data processing activities? (Research integrity & ethics)
- GDPR: how long may I store research data containing personal data? (Research integrity & ethics)
- GDPR: how to be transparent to data subjects in my research? (Research integrity & ethics)
- GDPR: what are personal data? (Research integrity & ethics)
- GDPR: what are some things to consider when processing personal data from minors? (Research integrity & ethics)
- GDPR: What are the basic principles? (Research integrity & ethics)
- GDPR: What are the different roles and responsibilities according to the GDPR? (Research integrity & ethics)
- GDPR: What do I need to think about when transferring personal data to third countries or international organisations? (Research integrity & ethics)
- GDPR: What do I need to think about when using a mailing list in the context of my research? (Research integrity & ethics)
- GDPR: What information should I include in an informed consent form when the processing of personal data is based on the consent of the data subjects? (Research integrity & ethics)
- GDPR: what is the General Data Protection Regulation? (Research integrity & ethics)
- GDPR: What rights do data subjects have, how do I respect them and what exceptions may apply to research? (Research integrity & ethics)
- GDPR: what should I do in case of a data breach? (Research integrity & ethics)
- GDPR: What should I do in the event of further/secondary processing of personal data? (Research integrity & ethics)
- GDPR: What should I keep in mind when designing my research? (Research integrity & ethics)
- GDPR: what should I keep in mind when processing special categories of personal data? (Research integrity & ethics)
- GDPR: What should I think about when I collaborate with others or share my data? (Research integrity & ethics)
- GDPR: When am I processing high-risk personal data and when do I need to conduct a DPIA? (Research integrity & ethics)
- GDPR: when does it apply to my research? (Research integrity & ethics)
- GDPR: who are considered to be vulnerable persons? (Research integrity & ethics)
- GDPR: why is it important to comply with this legislation? (Research integrity & ethics)
Translated tip
Last modified March 6, 2024, 9:14 a.m.