Legal and ethical aspects
A: Personal data means any information that directly or indirectly identifies an individual, such as name, email address, health data or IP address. According to the GDPR, such data must be processed under strict privacy and security requirements in order to protect the rights of the individual. In research, personal data require special attention, including anonymisation or pseudonymisation to ensure ethical use.
Special categories of personal data are sensitive information, which includes data concerning an individual’s race, ethnic origin, political opinions, religious beliefs, trade union membership, health, sexual life or orientation, as well as genetic and biometric data, in accordance with the GDPR. The processing of such data in research requires stronger safeguards, including explicit consent or a legal basis to ensure privacy protection. These data are to be anonymised and stored in secure, encrypted systems, in compliance with ethical and regulatory requirements.
A: The management of personal data in research must respect GDPR requirements at all stages of the data lifecycle, ensuring privacy protection. At the planning stage, the data management plan should define the types of personal data and plan for their anonymisation or pseudonymisation. Encrypted platforms should be used during the data collection and processing stages, access should be restricted and participants should be informed about the use of the data. During the sharing and archiving phases, data should be deposited in secure repositories, respecting the data minimisation principles and legal requirements.
A: Before starting to collect and process data, a Research Data Management Plan (RDP) describing the data protection measures must be prepared and submitted. Documentation of consent for the processing of personal data in accordance with the requirements of the GDPR must also be provided, e.g. informed consent from participants must be obtained. It is advisable to draw up a confidentiality agreement on data security for the parties involved and to set access restrictions. Finally, the methodology for anonymising or pseudonymising data should be documented in order to protect the confidentiality of the participants.
If the research involves personal data, particularly sensitive data or invasion of participants’ privacy, it is often necessary to obtain the opinion of the Research Ethics Committee before starting to collect data, but this is not always mandatory – the need should be assessed according to the nature of the research and the requirements of the institution or funder.
A: Yes, a confidentiality statement is usually required even if the data is collected anonymously. According to the GDPR, individuals must be informed of the purpose of the data collection, the nature of the processing and how anonymity is ensured. The notice explains that data such as profession, age or education will not be used to identify an individual and confirms that personal data such as email addresses are not processed. This ensures transparency, builds trust and complies with data protection requirements.
A: You must enter into a contract with the data provider (i.e. company, institution) and this contract must describe the issues related to data ownership, re-use, etc. Ask your university lawyer for help in drafting such an agreement.