Here you can test whether your research data might contain personal data: https://redcap.link/kk9w7k2k
Personal data constitutes any data that can be linked to an individual either directly or indirectly. Examples of personal data include names, the personal identity code and contact information, as well as opinions, a physical or mental characteristic, a photo, vocal recordings or any other information which allows a person to be identified.
Some personal data belong to special categories of personal data. These include:
Data subject means the person whose data are processed. People studied for research purposes are data subjects.
Controller means the party in charge of personal data processing in relation to the data subjects.
In the case of theses completed at the University, the University and student are joint controllers, which is also indicated in the privacy notice.
Personal data processing requires advance planning. Before you begin collecting and processing personal data, you must determine
The processing of personal data always requires a legal basis, as specified in data protection legislation.
Possible legal bases for bachelor’s theses and other theses before the master’s level:
Possible legal bases for a master’s thesis to be published:
Legislation relating to research ethics or medical research may require that subjects give their consent for research participation. However, such consent does not mean the same thing as “consent as a legal basis for processing", but is intended to ensure that the subject is adequately informed. Public interest should be used as the legal basis for processing personal data in this case, as well. Ensure that the research subjects understand that although their consent for research participation is requested, public interest is the legal basis for the processing of their personal data.
Read more about the legal bases for processing in Flamma, under Data protection guide for researchers.
Also pay attention to accountability: you must be able to demonstrate your compliance with data protection legislation. You can do so by drawing up a data management plan and data protection notice.
Inform your research subjects about the processing of their personal data before you begin collecting data. You can use the templates for data protection notices available on Flamma, under Data protection guide for researchers. The templates include the information required by law. If the research is not conducted as part of one of the University’s research groups or if you are not employed by the University, indicate yourself and the University jointly as the data controller.
If the research data have not been collected directly from the research subjects, you can depart from the requirement to provide information if it would involve a disproportionate effort (e.g., if you do not have the subjects’ contact information). Please note that a completed data protection notice also serves to demonstrate accountability.
Store personal data only in storage locations and repositories that you know to be secure and ensure that your working methods do not undermine the protection of data. Primarily use the University’s systems and services to process data. Ensure that personal data can only be processed by people with a legitimate reason to do so.
If personal data are to be exceptionally transferred outside the EU, discuss this with your supervisor.
Note that personal data may be transferred if you
Ensure that you do not include unnecessary personal data in your publication. If you want to include personal data (e.g., photos or opinions indicating the person’s name) in your final work, you must, as a rule, obtain the person’s consent.
As a rule, when you have finished your thesis and it has been approved, you must destroy any material containing personal data. If you plan to keep your material for later use in a doctoral thesis, for example, you must inform the research subjects in advance.
If, by way of exception, you plan to keep the material after your thesis has been completed and approved, discuss it with your supervisor.
As a student, you are responsible for
The guidance of students is primarily their supervisors’ responsibility. If required, supervisors can get support for this from the University’s support services.
The supervisor is responsible for
The University’s support services are responsible for