Essential concepts
Essential concepts related to the processing of personal data
The GDPR focuses on the protection of personal data and attempts to prevent undesired consequences for the data subjects while granting them specific rights, which impacts research practices. Understanding the essential concepts related to the processing of personal data is crucial for conducting GDPR-compliant research.
Data protection principles
Researchers who process personal data at the University of Groningen must follow eight principles:
-
Purpose specification: be clear on what personal data you will be using, for which purpose, and for how long.
-
Transparency: let all involved parties know which data are processed, for which purpose, for how long, who will have access to them, and how they will be protected.
-
Rights of the data subjects : inform data subjects about their rights.
-
Data minimization: make sure you do not process any more personal data than what is required for the project.
-
Data quality: take measures to ensure that the personal data are accurate, up-to-date, and complete.
-
Storage limitation: make sure that only authorized people can access personal data. Revoke access privileges as soon as they are obsolete.
-
Security measures: make sure personal data are adequately protected. Use techniques such as encryption, anonymization, and pseudonymization. Consult the DCC and the UG research data policy of the University of Groningen.
-
Accountability: make sure that responsibilities are clear. Roles, tasks, and authorizations have to be assigned.
Last modified: | 29 October 2024 1.42 p.m. |