Legal ground

You will often hear the term 'processing' when discussing personal data. This is an umbrella term that refers to anything you do to the data. This can include collecting data, reusing data, cleaning data, (long-term) storage, sharing data, and even deleting data.

 

When processing personal data, we must first have a 'legal ground'. We touched a little on this in the last section, but now we will learn what this means in practice. In research, the most common legal ground for processing personal data is 'informed consent'. It is a researcher's responsibility to appropriately inform their participants about what will happen to their data, what it will be used for, and how they can report issues or concerns relating to data privacy. This is typically done within 2-3 documents:

  1. Informed consent:

  2. Information letter:

  3. Privacy statement (sometimes not required):

 

There are other legal grounds for processing personal data within the GDPR. A member of the VU privacy team is required to evaluate whether they are suitable, so do not make this decision yourself. If you think they may apply to your project, reach out to the faculty Privacy Champion.

 

 

 

Templates are available for all the documents listed above; contact either your supervisor or Data steward to access these.