Privacy and legal aspects
As a researcher you’re dealing with lots of (personal) data during your research. In order to conduct proper research your project needs to comply with legislation and regulations. These can either be general or specific to your area of research. For instance, how to safeguard your participants’ privacy. And how to deal with user/sharing agreements or intellectual property right.
To ensure your participants’ privacy the General Data Protection Regulation (GDPR) applies to all research that uses personal data. Meaning you have to have a legal basis to collect and use personal data, this is written down in a Data Management Plan for your project. It helps you to be clear and transparent about how and why you process (personal) data, as well as how you will share, store and safeguard it in a way that fits your research.
Personal data are data that can directly or indirectly identify your research participants. Examples are a name, student-id, or e-mail address. There are also data that in itself do not identify a participant, but in combination, they do. For example, a person’s job title in combination with where they work.
Data Protection Impact Assessment
A special category of personal data is sensitive personal data. This is data relating to a person’s health, political activities, sexual orientation etc. In other words: any data that may cause discomfort or harm if they were to become publicly available.
Do you think you might have sensitive personal data? We can help you identify whether or not you need to do a Data Protection Impact Assessment (DPIA).
The GDPR requires you to have a legal basis for working with personal data. In research, this most often is Informed Consent and is why obtaining Informed Consent is even more important. In your Informed Consent you ask your participant for permission for participating in your research and also for what you want to do with the data. For example, using quotes in your research article in case you interview your participants, or making the data anonymously available for future research.
The EUR has several places where you can safely store your data. Non-personal data you can safely store on the @wEURk network drive. For personal data you can use the EUR licensed versions of SURFdrive or Dropbox4Business, or Mediasite if you use video recordings; in case of sensitive personal data we recommend using the Document Vault.
Safeguarding your data
Safeguarding means that you need to determine who has access to your data, making regular backups, versioning control of your files, but also anonymizing or pseudonymizing your data before analyzing or sharing them. Do you need more information on where to store your data or what safeguarding measures you might have to take?