GDPR: what should I keep in mind when designing my research?

Privacy by design

In the design phase of a research project, you normally think about the substance and methodological aspects of your research.

In view of the General Data Protection Regulation (GDPR) it is important to also thoroughly consider and describe the collection and processing of personal data during the design phase (privacy by design). This also falls under research data management more broadly.

is it necessary to process personal data? If this is not necessary for your research, it is better to use anonymous data
how can I minimise this data? Try to limit the data to those data that contribute to answering the research question
are these data that I have collected myself (primary data), or existing data from other scientific research or from existing databases (such as patient data in a hospital, Crossroads Bank companies register, etc.) (secondary data or further processing)?
do I need to process raw personal data, or can I work with pseudonymised data after collection?
does the way in which I process the personal data entail risks for the data subjects? For example, will you gather sensitive personal data, will you collect personal data on vulnerable groups, will systematic monitoring be done, etc.?
on what legal basis am I basing my personal data processing?
how will I inform the data subjects in a transparent manner?
are the personal data shared with other people within or outside Ghent University?
what are the roles of these persons and/or institutions or organisations, and have the necessary agreements been drawn up for this?
will I collaborate with other researchers, institutions or organisations outside the European Economic Area (EEA)?

More information

Privacy and research

More tips

GDPR: how am I transparent to data subjects in my research? (Integrity in science)
GDPR: how can I ensure that the processing of personal data is lawful? (Integrity in science)
GDPR: how do I register personal data processing activities? (Integrity in science)
GDPR: how long can research data containing personal data be stored? (Integrity in science)
GDPR: what are personal data? (Integrity in science)
GDPR: what are the basic principles? (Integrity in science)
GDPR: what are the different roles and responsibilities according to the GDPR? (Integrity in science)
GDPR: what has changed with regard to the previous privacy legislation? (Integrity in science)
GDPR: what information should I include in an informed consent form when the processing of personal data is based on the consent of the data subjects? (Integrity in science)
GDPR: what is the General Data Protection Regulation? (Integrity in science)
GDPR: what rights do data subjects have, how do I respect them and what exceptions may apply to research? (Integrity in science)
GDPR: what should I do in the event of further/secondary processing of personal data? (Integrity in science)
GDPR: what should I keep in mind when processing special categories of personal data? (Integrity in science)
GDPR: when does it apply to my research? (Integrity in science)
GDPR: who are considered as vulnerable persons? (Integrity in science)
GDPR: why is it important to comply with this legislation? (Integrity in science)

Translated tip

AVG: waaraan moet ik denken bij het design van mijn onderzoek?

tags:

research data management

Integrity in science

Last modified March 30, 2020, 1:35 p.m.

Questions? Suggestions?

libservice@ugent.be