To obtain valuable data & insights, research often involves …
DMPonline.be: How do I write a Data Management Plan?
DMPonline.be is an online tool to help Ghent University researchers write an effective Data Management Plan (DMP). This tip explains how to use this tool.
What is a DMP?
A Data Management Plan is a formal document that specifies how research data will be handled both during and after a …
This tip explains in which situations you might want to sign into and use DMPonline.be via ORCID, and how to do this.
For more general information on how to use the planning tool DMPonline.be, check out the following tips:
What is it about?
The European Commission has been encouraging open access to and reuse of digital research data through the Open Research Data Pilot (ORD Pilot), following FAIR data principles:
All research data should be Findable, Accessible, Interoperable and Reusable (FAIR). The ERC has adopted this approach for their …
FAIR: What are the FAIR data principles?
FAIR refers to a set of attributes that enable and enhance the reuse of data (and other digital objects) by both humans and machines. The 'FAIR' acronym stands for:
The FAIR principles originated in the life sciences, but can also be applied …
Ghent University offers and recommends the web application Belnet FileSender for sending large digital (workrelated) files. The advantage of FileSender is that you can send large files up to 6 TB for free and in a safe way. You do not have to create an account when you are connected …
Data management planning as part of FWO policy
As of 2018, the FWO has made Research Data Management (RDM) a key element of its policy for all support channels. This entails new requirements for researchers regarding data management planning (see the UGent RDM webpages for more details on FWO policy). …
The GDPR does not prevent research data containing personal data from being shared with other researchers for reproducibility and reuse after the research.
What are the conditions for the reuse of personal data?
- Sufficient technical and organizational measures must be taken such as pseudonymization, limitation of access to the data, …
The processing of personal data is only lawful if one of the conditions or legal grounds of the General Data Protection Regulation (GDPR) is met.
It is very important to indicate the applicable legal basis for the processing at the start of your research in the GDPR register. The processing …
When you process personal data, the GDPR ethically and legally obligates you to sufficiently protect personal data.
The basic level of security must always be in accordance with the information security policy of Ghent University. However, additional measures may be necessary specific to each processing. The choice of additional …
Why register processing activities?
The General Data Protection Regulation (GDPR, known as AVG in Dutch) requires that all activities concerning personal data processing at UGent and UZ Gent are documented and registered in a 'register of processing activities', the GDPR Register.
This internal registration replaces the former 'obligation …
The General Data Protection Regulation (GDPR) stipulates that personal data can't kept longer than necessary to achieve the purposes for which they're processed (see the ‘storage limitation’ principle).
The RDM Policy framework of Ghent University requires that research data be kept for a minimum of 5 years after …
Informing the persons whose personal data are processed (the data subjects) is one of the basic principles and obligations of the General Data Protection Regulation (GDPR).
As a researcher, it's your responsibility to communicate this information to the data subjects in clear and simple language, and in a …
The GDPR applies to the use of personal data. The definition of personal data in the context of this law is therefore of great importance.
Personal data are any information about an identified or identifiable natural person. A natural person is considered to be identifiable if he or …
When processing personal data of minors (children under the age of 18), they are entitled to specific protection, as they are often less aware of their rights, the potential risks and consequences associated with the processing of their data.
Minors must be informed about which personal data are …
When using an (online) survey tool to collect personal data for your research , you need to make sure that the tool is GDPR compliant and that you follow the GDPR principles when using it.
UGent has a campus licence for Qualtrics since 1 January 2022. Other survey tools are …
The General Data Protection Regulation (GDPR) is based on six basic principles that you must take into account when processing personal data.
1. Lawfulness, fairness and transparency
You are obliged to process personal data in a transparent manner with respect for all applicable laws, regulations and rules. …
Various roles are defined within the General Data Protection Regulation (GDPR) for the processing of personal data. The most important roles are:
- Data controller
- Joint data controller
- Data processor
Since controllers and processors have different responsibilities and obligations, it is important that you clearly define these roles (together with …
If you collaborate with researchers, partners or institutions located in another country, within or outside the EU, in your research, you must pay attention when making personal data accessible, forwarding or exchanging. This also applies when you use processors or subcontractors, for example when you are using websurveys hosted by …
As a researcher, you sometimes make use of mailing lists for your research (e.g. sending invitations to participate in a survey/interview) or for your research activities (e.g. sending invitation to an event/conference). Mailing lists consist of postal addresses or e-mail addresses (even purely professional e-mail addresses). These are personal data …
Although the main components of the previous privacy legislation are largely retained, the General Data Protection Regulation (GDPR) also introduces a number of important changes.
The former 'obligation to report' to the privacy commission was replaced with 'accountability' whereby you as the researcher must document the processing of …
To be lawful, the processing of personal data must be based on one of the legal grounds provided in the General Data Protection Regulation (GDPR).
If the processing of personal data within your research project is based on the consent of the data subject as the legal basis, …
When you process personal data for your research, you must follow the rules of the General Data Protection Regulation (GDPR).
The GDPR: new European privacy legislation
The GDPR, which has been in force since 25 May 2018, modernises the existing privacy legislation. It creates a uniform European legislative framework …
The General Data Protection Regulation (GDPR) defines the persons whose personal data are processed as data subjects.
As a researcher, you have to take into account that the data subjects can in accordance with the GDPR exercise different rights with regard to their personal data.
1. Right to information …
Social media contain an ever-increasing source of information and data. More and more (sensitive) (personal) data is published on social media profiles by the users themselves. But to what extent may this data then be used to base research on, for instance? Consideration must in any case be given …
A data breach is a security incident that affects the confidentiality, integrity or availability of personal data. Possible incidents that can lead to a data breach are:
- access to personal data by an unauthorised third party;
- intentional or unintentional action that affects the security of personal data;
- sending personal data …
Primary vs. secondary processing
In the case of further or secondary processing of personal data in a research project, the personal data will not be directly collected from the data subjects by you.
If you do collect the personal data directly from the data subjects as part of your research …
Privacy by design
In the design phase of a research project, you normally think about the substance and methodological aspects of your research.
In view of the General Data Protection Regulation (GDPR) it is important to also thoroughly consider and describe the collection and processing of personal data during the …
Special categories of personal data (sensitive personal data)
Some personal data belong to the group of “special categories” of personal data: these are personal data revealing racial or ethnic origin, political views, religious or philosophical beliefs, membership of a trade union, genetic data, biometric data, data about health …
When you develop artificial intelligence based on personal data or process personal data using artificial intelligence in your research, the General Data Protection Regulation (GDPR) applies. AI applications must therefore ensure privacy and data protection principles throughout their lifecycle, including the principles of 'privacy by design' and 'privacy by default'. …
Sharing personal data within Ghent University
Research data with personal data can be shared within Ghent University with fellow researchers (within or outside your research project) under certain conditions for further processing or reuse of the research data. It is important to document and justify this transfer of data in …
What is a DPIA?
When the personal data or the nature of the processing probably entails a high risk for the data subjects, the GDPR obliges you to carry out a risk analysis before the start of the processing, a so-called Data Protection Impact Assessment (DPIA).
A DPIA is …
Profiles of individuals and or groups can be made as part of a study, for example to determine, analyse or predict a person's personality or behaviour. When profiling involves the processing of personal data, you need to be mindful of the GDPR. The GDPR also applies when exclusively …
The General Data Protection Regulation (GDPR) applies
- when you (or your institution or organisation) process personal data in the framework of scientific research (e.g. collection, recording, classification, structuring, storage, adaptation or alteration, retrieval, consultation, use, etc.), regardless of the origin of the personal data
- when you (or your institution or …
Sometimes mention is made of vulnerable natural persons in the context of the General Data Protection Regulation (GDPR).
- pregnant women
- the elderly
- people with mental disorders
- asylum seekers
- people with disabilities
- ethnic minorities
- the sick and patients
These are often persons who are legally incompetent, persons …
Protecting the rights and freedoms of data subjects
If you process personal data, your job is to protect the rights and freedoms of data subjects in accordance with the General Data Protection Regulation (GDPR).
For this you must evaluate the possible risks associated with the processing of personal data …
Research Data Management: What is RDM?
Research Data Management (RDM) is a broad term that encompasses all practices and actions to ensure that research data are secure, sustainable, and easy to find, understand and (re)use, not only during a research project, but also in the longer term. Taking proper care of data is an essential …
The research data lifecycle: What is it?
The research data lifecycle is a key concept within Research Data Management (RDM). It describes the different stages research data go through before, during, and after a research project. Various data management activities take place within each stage of the data lifecycle, and the choices made in one stage influence …