You are not expected to be a privacy expert. Instead, you should understand why the privacy of your participants is important and why it requires additional care and consideration when planning your research. Under the GDPR, there are seven key principles for data protection. You should keep these in mind when working with personal data.
Lawfulness, fairness and transparency:
Have a valid legal ground for processing personal data.
Be clear, honest and open with your participants on how you will process their data.
Process the data in a way that is fair.
Purpose limitation:
Be clear and specify why the data will be processed from the start of the project.
Only use the data for this purpose.
Inform your participants about the purpose of data processing.
Data minimisation:
Only collect data which is relevant to your research.
Be critical of why you need someone's personal data; if it is not necessary, don't collect it.
Periodically review the personal data you have, and delete what is no longer required.
Accuracy:
Take reasonable steps to ensure data is accurate and up to date.
If you discover data is incorrect, take steps to resolve this and document the process.
Storage limitation:
Be clear and transparent with participants regarding the retention period of their data.
Do not keep data for longer than necessary.
Integrity and confidentiality:
Implement the appropriate measures to ensure the protection of personal data.
Speak to your supervisor or data steward to ensure these measures are correct.
Accountability:
Take responsibility for how you handle your data.
Document clearly how you will handle your data.
Be aware of the processes for reporting a data breach and follow them if necessary.