Five points

What are the most important issues you need to remember
 concerning privacy in research?

 

The GDPR applies to personal data. Therefore, the first question to ask is always: do you process personal data in the study? If this is not the case, then the GDPR does not apply. If you do process personal data, however, there are five points you need to remember to ensure maximum protection of such data in your study.


 

WORK SAFELY


There are various (often simple) measures you can take to maximise the privacy of data subjects involved in your research. An overview of these measures is available on the 'Quick wins' page.

 

LEGAL BASIS


A legal basis, such as consent or a legitimate interest, must exist in order for personal data to be processed in a study. You can view the six possible legal bases in this figure.

 

PRIVACY BY DESIGN & PRIVACY BY DEFAULT


Build maximum privacy and data protection safeguards into your research plan from the earliest stages of development. This is referred to as 'Privacy by design'. And where possible, set all default settings to the most privacy-friendly option. This is referred to as 'Privacy by default'.

 

COMPLY WITH THE PRIVACY PRINCIPLES


Comply with the six privacy principles, such as 'data minimisation' and 'transparency’, when processing personal data before, during and after the study. You can view the six privacy principles in this figure.

 

GENERAL DATA PROTECTION REGULATION (GDPR)


If you want to know exactly what technical and organisational measures you need to take to ensure the proper handling of personal data in a study, conduct a DPIA together with an internal privacy expert. A DPIA is a questionnaire that quickly maps out all possible privacy risks in a research plan. We will cover this in more detail on the 'DPIA' page.

 


Would you like more information?

If you would like to learn more about the GDPR, we recommend you visit hulpbijprivacy.nl. This is the website of the Dutch Data Protection Authority and it provides clear and accurate general information about the GDPR.