Data privacy is an important topic, in particular when working with personal data. We have addressed some of the most important topics about data privacy on this page. For information on dealing with personal data and cyber safety, visit the following website on privacy and security issues.
Data minimisation encompasses the idea that the collection of personal data is limited to that data directly necessary to achieve the goals of the research project. Today, it is no longer accepted in a research setting to collect a set of (personal) data and then later decide the purposes of using this data.
The researcher should not collect data that are not necessary for a specified purpose that has been notified to data subjects. Researchers should process only the minimum amount of personal data.
Data retention periods
Generally, personal data in the form that permits identification of data subjects should only be retained for as long as necessary for the specified purpose.
It is important to regularly review any personal data you retain, and delete anything you no longer need. The data retention period should be specified in the informed consent information brochure, so that the data subject is aware about how long their personal data is being stored.
To summarize, the retention period of personal data should only be for as long as the personal data is necessary. So, for example, contact data (email-address, telephone number, etc.) has to be deleted when there is no need to contact the data subject again for the particular research project the subject gave informed consent for.