For best experience please turn on javascript and use a modern browser!
uva.nl
Research Data Management null
NL

Personal data

A lot of research involves using personal data. Researchers are required by law to manage this information carefully. How do you do that?

On this page:

What constitutes as personal data?

Personal data encompasses all details that either directly or indirectly lead to a specific person, for example, someone’s name, occupation or age. This also includes the so called ‘sensitive’ personal data, which is data concerning someone’s

  • religion or beliefs;
  • race;
  • political preferences;
  • health;
  • sexual orientation;
  • biometrical data;
  • genetic data;
  • membership to a union;
  • criminal past.

Contact details

Contact details are personal data that you keep a record of in order to contact the people participating in your research. These contact details must be kept separate from the information you collect from the participants during your research. If for some unforeseen reason someone gets access to your research data, they cannot trace it to the participants. You destroy the contact details as soon as you are sure that they are no longer necessary for your research.

Collecting

The law states some ground rules for collecting personal data for the purpose of research:

  1. you do not collect more personal data than is strictly necessary for your research and
  2. participants must give their permission for their personal data to be collected and recorded and
  3. you do not use the personal data for other purposes other than that which you received permission for.

Processing

Processing encompasses everything that you as a researcher do with the personal data or that you have someone else do: saving, storing, analysing, anonymising, showing to others, and publishing.

You must draw up a processing agreement if you have the details processed by a third party, for example, when you use an online application for surveys. Legal Affairs can help with drawing up a processing agreement.

UvA Legal Affairs (intranet, UvAnetID required) AUAS Legal Affairs

Security

By law every person has the right to protection of their privacy. When collecting personal data for research purposes you are therefore responsible for protecting the privacy of your participants. This means you have to properly secure research data that contains personal data:

More information

You can find more information concerning collecting and processing personal data in the Privacy lemmas in the UvA and AUAS A-Z lists.

UvA A-Z Privacy lemma: the GDPR and research at the UvA (intranet, UvAnetID required) AUAS A-Z Privacy lemma: applied research (intranet, HvAID required)

For an overview and a step-by-step plan download the Privacy Reference Cards.

How to treat personal data in research (UvA version; PDF file) Privacy Reference Card - What & Why (UvA version; PDF file) How to treat personal data in research (AUAS version; PDF file) Privacy Reference Card - What & Why (AUAS version; PDF file)

The UvA and AUAS Data Protection Officers may give advice on the use of personal data in research.

AUAS

M. (Martijn) de Hamer | functionarisgegevensbescherming@hva.nl

UvA

J.M.C. (Miek) Krol | fg@uva.nl