(re)search tips

News and practical tips for research, information management and scholarly communication

Tag: gdpr

Consent in research – ethics & privacy (GDPR)

To obtain valuable data & insights, research often involves …

   Read more

DMPonline.be: sign in via ORCID

 

This tip explains in which situations you might want to sign into and use DMPonline.be via ORCID, and how to do this.

 

For more general information on how to use the planning tool DMPonline.be, check out the following tips:

  • On …
   Read more

GDPR: What to keep in mind when developing or deploying apps for research?

If you are going to develop an app (mobile, …

   Read more

GDPR: Can I share research data with personal data with other researchers or institutions when my research project has ended?

The GDPR does not prevent research data containing personal data from being shared with other researchers for reproducibility and reuse after the research.

What are the conditions for the reuse of personal data?

  • Sufficient technical and organizational measures must be taken such as pseudonymization, limitation of access to the data, …
   Read more

GDPR: how can I ensure that the processing of personal data is lawful?

The processing of personal data is only lawful if one of the conditions or legal grounds of the General Data Protection Regulation (GDPR) is met.

It is very important to indicate the applicable legal basis for the processing at the start of your research in the GDPR register.

There …

   Read more

GDPR: how do I protect my data correctly?

When you process personal data, the GDPR ethically and legally obligates you to sufficiently protect personal data.

The basic level of security must always be in accordance with the information security policy of Ghent University. However, additional measures may be necessary specific to each processing. The choice of additional …

   Read more

GDPR: how do I register personal data processing activities?

Why register processing activities?

The General Data Protection Regulation (GDPR) requires that all activities concerning personal data processing at UGent and UZ Gent are documented and registered in a 'register of processing activities', the GDPR Register.

This internal documentation obligation is an essential tool to help researchers comply …

   Read more

GDPR: how long may I store research data containing personal data?

The General Data Protection Regulation (GDPR) stipulates that personal data can't kept longer than necessary to achieve the purposes for which they're processed (see the ‘storage limitation’ principle).

Managing and administering your research data, including when it involves personal data, falls under Research Data Management (RDM). RDM includes …

   Read more

GDPR: how to be transparent to data subjects in my research?

Informing the persons whose personal data are processed (the data subjects) is one of the basic principles and obligations of the General Data Protection Regulation (GDPR).

As a researcher, it's your responsibility to provide information about your research to the data subjects in your research.

Elements of transparancy …    Read more

GDPR: what are personal data?

The GDPR applies to the processing of personal data. The definition of personal data is therefore of great importance.

“Personal data are any information about an identified or identifiable natural person.”

So, when a person is identified (e.g. you know the person's name), any data you collect relating to that …

   Read more

GDPR: what are some things to consider when processing personal data from minors?

When processing personal data of minors (children under the age of 18), they are entitled to specific protection, as they are often less aware of their rights and the potential risks and/or consequences associated with the processing of their data.

Transparancy

Like adults, minors should be informed about what personal …

   Read more

GDPR: what are some things to consider when using (online) survey tools?

When using an (online) survey tool to collect personal data for your research , you need to make sure that the tool is GDPR compliant and that you follow the GDPR principles when using it.

UGent has a campus licence for Qualtrics since 1 January 2022. Other survey tools are …

   Read more

GDPR: What are the basic principles?

The General Data Protection Regulation (GDPR) is based on six basic principles that you must take into account when processing personal data.

Basic principles 1. Lawfulness, fairness and transparency

You are obliged to process personal data in a transparent manner with respect for all applicable laws, regulations and rules. …

   Read more

GDPR: What are the different roles and responsibilities according to the GDPR?

Various roles are defined within the General Data Protection Regulation (GDPR) for the processing of personal data. The most important roles are: 

  • Data controller
  • Joint data controller 
  • Data processor

Since controllers and processors have different responsibilities and obligations, it is important that you clearly define these roles (together with …

   Read more

GDPR: What do I need to think about when transferring personal data to third countries or international organisations?

If you collaborate with researchers, partners or institutions located in another country, within or outside the EU, in your research, you must pay attention when making personal data accessible, forwarding or exchanging. This also applies when you use processors or subcontractors, for example when you are using websurveys hosted by …

   Read more

GDPR: What do I need to think about when using a mailing list in the context of my research?

As a researcher, you sometimes make use of mailing lists for your research (e.g. sending invitations to participate in a survey/interview) or for your research activities (e.g. sending invitation to an event/conference).

Mailing lists consist of a (large) list of postal addresses or e-mail addresses (even purely professional e-mail addresses) …

   Read more

GDPR: what has changed with regard to the previous privacy legislation?

Although the main components of the previous privacy legislation are largely retained, the General Data Protection Regulation (GDPR) also introduces a number of important changes.

1. Accountability

The former 'obligation to report' to the privacy commission was replaced with 'accountability' whereby you as the researcher must document the processing of …

   Read more

GDPR: What information should I include in an informed consent form when the processing of personal data is based on the consent of the data subjects?

To be lawful, the processing of personal data must be based on one of the legal grounds provided in the General Data Protection Regulation (GDPR).

If the processing of personal data within your research project is based on the consent of the data subject as the legal basis, …

   Read more

GDPR: what is the General Data Protection Regulation?

When you process personal data for your research, you must follow the rules of the General Data Protection Regulation (GDPR).

The GDPR: new European privacy legislation

The GDPR, which has been in force since 25 May 2018, modernises the existing privacy legislation. It creates a uniform European legislative framework …

   Read more

GDPR: What rights do data subjects have, how do I respect them and what exceptions may apply to research?

The General Data Protection Regulation (GDPR) defines the persons whose personal data are processed as data subjects.

As a researcher, you have to take into account that the data subjects can in accordance with the GDPR exercise different rights with regard to their personal data.

1. Right to information …    Read more

GDPR: What should I consider when using social media data for scientific research?

 

Social media contain an ever-increasing source of information and data. More and more (sensitive) (personal) data is published on social media profiles by the users themselves. But to what extent may this data then be used to base research on, for instance? Consideration must in any case be given …

   Read more

GDPR: what should I do in case of a data breach?

A ‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Breaches can be categorised into the following three categories: 

  • Confidentiality breach - where there is an unauthorised or accidental disclosure …
   Read more

GDPR: What should I do in the event of further/secondary processing of personal data?

Primary vs. secondary processing

In the case of further or secondary use of personal data in a research project, the personal data will not be directly collected from the data subjects by you.

If you do collect the personal data directly from the data subjects as part of your research …

   Read more

GDPR: What should I keep in mind when designing my research?

Privacy by design

In the design phase of a research project, you normally think about the substance and methodological aspects of your research.

In view of the General Data Protection Regulation (GDPR) it is important to also thoroughly consider and describe the collection and processing of personal data during the …

   Read more

GDPR: what should I keep in mind when I want to process personal data relating to criminal convictions and offences?

 

Personal data relating to criminal convictions and offences or related security measures (e.g. a driving prohibition and/or fine imposed by the judge due to speeding or alcohol intoxication, a sentence of imprisonment for theft with violence) may only be processed:

  • under government supervision; of
  • when the processing …
   Read more

GDPR: what should I keep in mind when processing special categories of personal data?

Special categories of personal data (sensitive personal data)

Some personal data belong to the group of “special categories” of personal data: these are personal data revealing racial or ethnic origin, political views, religious or philosophical beliefs, membership of a trade union, genetic data, biometric data, data about health …

   Read more

GDPR: What should I take into account when developing or using AI?

When you develop artificial intelligence based on personal data or process personal data using artificial intelligence in your research, the General Data Protection Regulation (GDPR) applies. AI applications must therefore ensure privacy and data protection principles throughout their lifecycle, including the principles of 'privacy by design' and 'privacy by default'. …

   Read more

GDPR: What should I think about when I collaborate with others or share my data?

Sharing personal data within Ghent University

Research data with personal data can be shared within Ghent University with fellow researchers (within or outside your research project) under certain conditions for further processing or reuse of the research data. It is important to document and justify this transfer of data in …

   Read more

GDPR: When am I processing high-risk personal data and when do I need to conduct a DPIA?

What is a DPIA?

Before processing personal data you, as a researcher on behalf of the processing controller UGhent, must assess whether or not the processing is likely to have a high risk for the freedoms and rights of the data subjects. If so, you are obliged to carry out …

   Read more

GDPR: when do I engage in 'profiling'; what should I think about? And what is 'exclusively automated individual decision-making'?

 

Profiles of individuals and or groups can be made as part of a study, for example to determine, analyse or predict a person's personality or behaviour. When profiling involves the processing of personal data, you need to be mindful of the GDPR. The GDPR also applies when exclusively …

   Read more

GDPR: when does it apply to my research?

The General Data Protection Regulation (GDPR) applies:

  • when you (or your institution or organisation) are located in the EAA and you process personal data (e.g. collection, recording, classification, structuring, storage, adaptation or alteration, retrieval, consultation, use, etc.) in the context of scientific research at or affiliated with Ghent University, regardless …
   Read more

GDPR: who are considered to be vulnerable persons?

Sometimes mention is made of vulnerable natural persons in the context of the General Data Protection Regulation (GDPR).

Examples
  • minors
  • pregnant women
  • the elderly
  • people with mental disorders
  • asylum seekers
  • people with disabilities
  • ethnic minorities
  • the sick and patients

These are often persons who are legally incompetent, persons …

   Read more

GDPR: why is it important to comply with this legislation?

Protecting the rights and freedoms of data subjects

If you process personal data, your job is to protect the rights and freedoms of data subjects in accordance with the General Data Protection Regulation (GDPR).

For this you must evaluate the possible risks associated with the processing of personal data …

   Read more

Qualtrics: how do I use this survey tool?

Qualtrics is an online tool that allows students and researchers to easily create surveys, distribute them, collect data and analyse responses. Qualtrics features different question types, survey flows and the ability to export results to statistical software.

UGent has a campus licence for the online survey tool Qualtrics. Other survey …

   Read more

More tips in Dutch