A lot of research involves using personal data. Researchers are required by law to manage this information carefully. How do you do that?
Personal data encompasses all details that either directly or indirectly lead to a specific person, for example, someone’s name, occupation or age. This also includes the so called ‘sensitive’ personal data, which is data concerning someone’s
Contact details are personal data that you keep a record of in order to contact the people participating in your research. These contact details must be kept separate from the information you collect from the participants during your research. If for some unforeseen reason someone gets access to your research data, they cannot trace it to the participants. You destroy the contact details as soon as you are sure that they are no longer necessary for your research.
The law states some ground rules for collecting personal data for the purpose of research:
Processing encompasses everything that you as a researcher do with the personal data or that you have someone else do: saving, storing, analysing, anonymising, showing to others, and publishing.
You must draw up a processing agreement if you have the details processed by a third party, for example, when you use an online application for surveys. Legal Affairs can help with drawing up a processing agreement.
By law every person has the right to protection of their privacy. When collecting personal data for research purposes you are therefore responsible for protecting the privacy of your participants. This means you have to properly secure research data that contains personal data:
You can find more information concerning collecting and processing personal data in the Privacy lemmas in the UvA and AUAS A-Z lists.
For an overview and a step-by-step plan download the Privacy Reference Cards.
The UvA and AUAS Data Protection Officers may give advice on the use of personal data in research.
M. (Martijn) de Hamer | functionarisgegevensbescherming@hva.nl
J.M.C. (Miek) Krol | fg@uva.nl