Themes

The impact of the GDPR on your scientific data

What is this about?

On May 25th, 2018, the General Data Protection Regulation (GDPR) entered into force in Europe. The GDPR sets out the new rules researchers must adhere to when processing personal data (1). Personal data is any data with which a person can be directly or indirectly identified. Researchers should conform to the GDPR principles of data protection to protect the privacy rights of their study participants and avoid legal issues.

Why is this important?

Research data often contains personal characteristics, such as a name, location data, or physical, physiological, genetic or cultural features of a person. For these, the GDPR provides the following principles in article 5:

  • "Data should be processed lawfully, fairly and in a transparent manner."
  • "Data should be collected for specified, explicit and legitimate purposes and is not further processed in a manner that is incompatible with those purposes."
  • "Data should be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed."
  • "Data should be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. For scientific data, it is often recommended to use pseudonymization as a technique to further protect subject privacy. Long-term archiving for scientific purposes is allowed when in accordance to Article 89 of the GDPR."
  • "Data should be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss."

For whom is this important?

Students, PhD Students, Research subjects, Scientists, Ethics committee members, Researchers, Academic staff, Research institutions, Policy makers, Supervisors, Postdocs, Universities, Funders, Journal publishers, Journal editors, Industry stakeholders, Junior researchers, Senior researchers, Teachers, General public, Research integrity trainers

What are the best practices?

Researchers that work with personal data can consult the GDPR online. For more information click here.

You should also be able to contact your local Data Protection Officer or study supervisor for more information on handling scientific data.

References

(1) EU General Data Protection Regulation (GDPR) (2018). Available online at: https://gdpr-info.eu/

Lars Lambriks contributed to this theme.

Latest contribution was May 29, 2019