Find the answers to your questions
Do you have other questions? Please contact Erasmus Research Services.
Yes, you can process previously collected personal data when there is a legal ground, such as:
- A signed consent form from the data subject for the new research project.
- Public interest to process that data (e.g. epidemics, health, security).
According to the GDPR, it is possible to process previously collected personal data for further scientific research. Further processing is also possible if you have received the consent of the data subject. It is, however, important to make sure that the appropriate (technical) safeguards are in place. Examples of such safeguards are pseudonymisation, encryption and data minimisation. For any advice on the further processing of personal data, please contact the Data team of the University library or Erasmus Research Services?
You can come across the concept of a non-disclosure agreement (NDA) under various names and descriptions, such as the confidentiality agreement (CA) or proprietary information agreement (PIA). An NDA is agreed upon when a party provides confidential information to another party provided that the receiving party commits to secrecy or restricted use of that information.
Take note of the following aspects:
- Be aware that it is in the interest of the party providing confidential information to identify as much information confidential and impose as many restrictions as possible on the use of this information. Such an agreement can stand in the way of publication and conflict with academic freedom.
- Potential publications should not be restricted by the issue of confidentiality. Being able to publish without prior permission is important.
- The purpose of the NDA should be clear. For example, that you receive the confidential information to conduct research to then publish about the results.
- Research is fluid. If your research goes beyond the described objective within the NDA, contact the other party and come to an understanding. Be sure to arrange for written approval.
- Ensure that the definition of confidential information is not too broad.
- The obligation of confidentiality must be outlined within a specific timeframe.
- Consider whether a Data Sharing Agreement is not a better legal instrument for this situation.
In the situation that a party does not want specific information to be made public, yet, it is necessary to do so for publication, then the conclusion should be drawn that you cannot come to an agreement.
For advice on an NDA, please contact your legal advisor or Erasmus Research Services.
When research data contains (sensitive) data you should ask yourself the following questions when storing data:
1. Where is the (cloud) server located?
GDPR compliance means that personal data has to be stored and processed within the EU, unless there is a legitimate condition to transfer the data to a third country, according to the GDPR. It is therefore important to know the location of the data storage.
2. Who is in control of your data?
You should be able to access and control your data at all times. Moreover, you have to think about who you give access to your data and how you provide this access.
3. Have you taken all necessary protective measures to avoid a breach of your (sensitive) research data?
There are a lot of measures you can take to secure your data, like encrypting your files, encryption of your hard disk and anonymisation, pseudonymization or other masking techniques.
There are many types of grants available for funding. On the page Funding opportunities, you can find an overview of some significant research funding schemes. With the tool Research Professional, you can search for more discipline-specific grants.
Before applying for a research grant, we advise you to contact Erasmus Research Services or the funding officer associated with your school. They can, for example, explore for which grant schemes you are eligible, explain the precise requirements for your funding application and review your grant proposal.