What constitutes personal data?
Personal data encompasses all details that either directly or indirectly lead to a specific person, for example, someone’s name, occupation or age. This also includes so-called ‘sensitive’ personal data, which is data concerning someone’s:
- religion or beliefs;
- political preferences;
- sexual orientation;
- biometric data;
- genetic data;
- membership of a union;
- criminal past.
Contact details are personal data that you keep a record of in order to contact the people participating in your research. These contact details must be kept separate from the information you collect from the participants during your research. That way, if for some unforeseen reason someone gets access to your research data, they cannot trace it to the participants. You destroy the contact details as soon as you are sure that they are no longer necessary for your research.
The law states some ground rules for collecting personal data for the purpose of research:
- you do not collect more personal data than is strictly necessary for your research;
- participants must give their permission for their personal data to be collected and recorded;
- you do not use the personal data for purposes other than those for which you received permission.
Processing encompasses everything that you as a researcher do with the personal data or that you have someone else do: saving, storing, analysing, anonymising, showing to others, and publishing.
You must draw up a processing agreement if you have the details processed by a third party, for example, when you use an online application for surveys. Legal Affairs can help with drawing up a processing agreement.
By law every person has the right to protection of their privacy. When collecting personal data for research purposes you are therefore responsible for protecting the privacy of your participants. This means you have to properly secure research data that contains personal data:
- separate contact details from research data
- choose a safe place to store the data
- ascertain who has access to the storage space
- anonymise/pseudonymise your data as soon as possible
- use encryption and other security measures
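The separation of contact details from research data and the pseudonymisation step listed above can be sketched as follows. This is an added example, not part of the original guidance; the column names (`name`, `email`, `wave`, `score`), the function names and the sample rows are assumptions constructed for illustration.

```python
import secrets

# Assumed contact columns in the constructed sample; adapt to your own export.
CONTACT_FIELDS = ("name", "email")


def split_records(rows, contact_fields=CONTACT_FIELDS):
    """Split raw rows into a contact key table and pseudonymised research rows."""
    key_table = {}   # pseudonym -> contact details (store separately, restricted access)
    by_contact = {}  # normalised contact tuple -> pseudonym (repeat participants keep one id)
    research = []    # rows that may be stored with the research data
    for row in rows:
        contact = tuple(row[f].strip().lower() for f in contact_fields)
        pid = by_contact.get(contact)
        if pid is None:
            # Random id: unlike a hash of the e-mail address, it cannot be
            # recomputed by someone who guesses the address.
            pid = "P-" + secrets.token_hex(8)
            by_contact[contact] = pid
            key_table[pid] = {f: row[f] for f in contact_fields}
        answers = {k: v for k, v in row.items() if k not in contact_fields}
        research.append({"participant": pid, **answers})
    return key_table, research


def leaks_contact(research, key_table):
    """Return True if any contact value still appears as a field value in the research rows."""
    values = {v.lower() for c in key_table.values() for v in c.values()}
    return any(str(v).lower() in values for r in research for v in r.values())


# Constructed sample input, not real participants.
SAMPLE = [
    {"name": "A. Example", "email": "a@example.org", "wave": 1, "score": 7},
    {"name": "B. Example", "email": "b@example.org", "wave": 1, "score": 4},
    {"name": "A. Example", "email": "A@example.org", "wave": 2, "score": 8},
]

if __name__ == "__main__":
    keys, data = split_records(SAMPLE)
    print(data)                       # goes to the research data storage
    print(leaks_contact(data, keys))  # sanity check before storing
    keys.clear()                      # destroy contact details once no longer needed
```

Once the key table is destroyed, the research rows can no longer be linked back to a participant through the pseudonym; free-text answers may still contain identifying details and need a separate review.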
You can find more information concerning collecting and processing personal data in the Privacy lemmas in the UvA and AUAS A-Z lists.
For an overview and a step-by-step plan, download the Privacy Reference Cards.
The UvA and AUAS Data Protection Officers may give advice on the use of personal data in research.
M. (Martijn) de Hamer | firstname.lastname@example.org
J.M.C. (Miek) Krol | email@example.com