GDPR: What should I keep in mind when designing my research?

Privacy by design

In the design phase of a research project, you normally think about the substance and methodological aspects of your research.

In view of the General Data Protection Regulation (GDPR) it is important to also thoroughly consider and describe the collection and processing of personal data during the design phase (privacy by design). This means that at each stage you should think about how this stage can affect the way personal data is collected and processed. Based on this, the necessary safety devices must be built into the stages. This also falls under research data management more broadly.

The following questions can help you during the design phase:

Do I really need personal data? If this is not necessary for your research, it is better to use anonymous data.
How can I minimise this data? Can the research be carried out with less personal data? Try to limit the data to those data that contribute to answering the research question.
Are these data that I have collected myself (primary data), or existing data from other scientific research or from existing databases (such as patient data in a hospital, Crossroads Bank companies register, etc.) (secondary data or further processing)?
Do I need to process raw personal data, or can I work with pseudonymised data after collection?
Does the way in which I process the personal data entail risks for the data subjects? For example, will you gather sensitive personal data? Will you collect personal data from vulnerable persons or from minors? Will systematic monitoring be done, etc.?
On what legal basis am I basing my personal data processing?
How will I inform the data subjects in a transparent manner?
Are the personal data shared with other people within or outside Ghent University? What are the roles of these persons and/or institutions or organisations, and have the necessary agreements been drawn up for this?
Will I collaborate with other researchers, institutions or organisations or transfer personal data outside the European Economic Area (EEA)?

More information

Privacy and research

More tips

GDPR: Can I share research data with personal data with other researchers or institutions when my research project has ended? (Research integrity & ethics)
GDPR: how can I ensure that the processing of personal data is lawful? (Research integrity & ethics)
GDPR: how do I protect my data correctly? (Research integrity & ethics)
GDPR: how do I register personal data processing activities? (Research integrity & ethics)
GDPR: how long may I store research data containing personal data? (Research integrity & ethics)
GDPR: how to be transparent to data subjects in my research? (Research integrity & ethics)
GDPR: what are personal data? (Research integrity & ethics)
GDPR: what are some things to consider when processing personal data from minors? (Research integrity & ethics)
GDPR: What are the basic principles? (Research integrity & ethics)
GDPR: What are the different roles and responsibilities according to the GDPR? (Research integrity & ethics)
GDPR: What do I need to think about when transferring personal data to third countries or international organisations? (Research integrity & ethics)
GDPR: What do I need to think about when using a mailing list in the context of my research? (Research integrity & ethics)
GDPR: what has changed with regard to the previous privacy legislation? (Research integrity & ethics)
GDPR: What information should I include in an informed consent form when the processing of personal data is based on the consent of the data subjects? (Research integrity & ethics)
GDPR: what is the General Data Protection Regulation? (Research integrity & ethics)
GDPR: What rights do data subjects have, how do I respect them and what exceptions may apply to research? (Research integrity & ethics)
GDPR: what should I do in case of a data breach? (Research integrity & ethics)
GDPR: What should I do in the event of further/secondary processing of personal data? (Research integrity & ethics)
GDPR: what should I keep in mind when processing special categories of personal data? (Research integrity & ethics)
GDPR: What should I think about when I collaborate with others or share my data? (Research integrity & ethics)
GDPR: When am I processing high-risk personal data and when do I need to conduct a DPIA? (Research integrity & ethics)
GDPR: when does it apply to my research? (Research integrity & ethics)
GDPR: who are considered to be vulnerable persons? (Research integrity & ethics)
GDPR: why is it important to comply with this legislation? (Research integrity & ethics)
Qualtrics: how do I use this survey tool? (Research integrity & ethics)

Translated tip

AVG: waaraan moet ik denken bij het design van mijn onderzoek?

tags:

Research integrity & ethics

Last modified March 12, 2024, 2:08 p.m.

Questions? Suggestions?

libservice@ugent.be