Such data is classified as sensitive since making it available to the public can have detrimental consequences for the data subject. As part of Utrecht University's Information Security Policy, you are asked to assess the risks associated with your data. To do so, we recommend to start by asking yourself the following questions: Will I be working with special categories of personal data?Ĭheck ‘what is personal data’ to see if your data fits in any of the special categories. Personal data must be carefully secured against loss, theft and tampering.
#BASIC DATA PRIVACY PRINCIPLES FULL#
This makes full anonymisation difficult to achieve. If information from other external datasets/registries can be used in conjunction with your own dataset to identify an individual then your dataset it still considered to hold personal data and as such is not fully anonymised. Keep in mind that even if the information contained within your dataset is not sufficient to identify an individual, this does not necessarily entail that your dataset has been anonymised. Direct or indirect identificationĪn identifiable natural person is someone who can be identified, either directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier, an occupation or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Please look at the section further below called “Assessing the risks” for more information on working with special categories of personal data. Research is one of the possible exceptions that allows processing of special personal data. Processing of this special personal data shall be prohibited, except for specific purposes and under certain circumstances. Examples are data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. There are special categories of personal data that need extra security. Examples of sensitive personal data include BSN (‘burger service nummer’), criminal history and illegal acts. This is because divulging such information may place these individuals in vulnerable or disadvantageous situations. Sensitive personal dataĬertain personal data is considered particularly sensitive and thus requires more protection. Personal data can include a variety of information, such as name, address, phone number, occupation and IP address. If you collect research data that can identify a person, then this is classified as personal data. This document lays out the responsibilities, measures and duties Utrecht University researchers must uphold concerning personal research data. If you want to know more about handling personal data at Utrecht University you may also read the ‘ Utrecht University Personal Data Processing Policy’. See the guide on ' Data management planning' for more information on developing your DMP. The GDPR does not concern the processing of anonymous information, including for statistical or research purposes. The GDPR states that you should only collect data which is relevant, limited to what is necessary and only for specified, explicit and legitimate purposes. Making a DMP before you start collecting personal data will help you practice 'privacy by design', which is an important principle in the GDPR.
Be sure to assign responsibilities (record who is authorized to do what) to adhere to the GDPR principle of accountability. To show that you’ve considered the potential risks of working with personal data it is important to write down the security measures you will adopt to safeguard the privacy of your data subjects, in your data management plan (DMP). To get you started on this topic, we offer the workshop Handling personal data in research, or you can read this guide.
#BASIC DATA PRIVACY PRINCIPLES CODE#
Best Practices for Writing Reproducible Code.Introduction to R & Data for Humanities.Quick start to Research Data Management.Learn to write your DMP (online training).Walk-in hours & Workshops Close submenu +.Pilot transcription service Amberscript.Transcription of audio data Close submenu +.
The research data repository DataverseNL.Storing and managing data Close submenu +.Working safely with research data from home.
0 kommentar(er)
