GDPR in research: data quality
This website provides information about data quality in the context of the GDPR in research:
The data quality principle comprises that data has to be of good quality, i.e. the data has to be accurate and up-to-date. This implies that if you discover that personal data is inaccurate or not up-to-date, you have to take steps towards rectification or deletion of these data.
- The data controller is the person who is responsible for the data quality. The data controller should determine the purpose (why?) and means (how?) of the processing of personal data. So, if you, as a researcher, determine why and how personal data is processed, you are the data controller and thus responsible for the data quality.
- Take steps and document these steps to ensure the personal data you hold is accurate. With ‘inaccurate’, we refer to any incorrect or misleading data.
- Additionally, take steps and document these steps to ensure that the personal data you process is up-to-date. ‘Up-to-date’ is particularly relevant if your research assumes that your data remains actual.
- For example: if you are a medical researcher and you acquire personal data about the correlation between obesity and diabetes, you want up-to-date data when a patient is diagnosed with diabetes.
Another example: if a data subject moves house from Nijmegen to Amsterdam and your dataset is saying that the person is currently living in Nijmegen, the data is not up-to-date. However, if the dataset states that the data subject once lived in Nijmegen, at a certain date, and only this data is needed, the dataset doesn’t have to be updated; even though the person no longer lives in Nijmegen.
- The GDPR strengthens the rights of anyone whose personal data is processed. This includes the right to rectify personal data. In order to keep your data accurate and up-to-date, data subjects should have the opportunity to update their personal data when it is inaccurate.
For example, in the information brochure, refer to participants rights concerning their personal data (e.g. refer to this page) and state on the informed consent form that participants have the right to rectify inaccurate personal data and that they can contact you in case of desired rectifications.
- These guidelines only concern accuracy of personal data; of course, they do not apply to anonymised data (i.e., data that does not include any (link to) personal data) but may still apply to pseudonymised data (i.e., if data can still be attributed to a specific data subject, by using additional information such as a key file).
More information about data quality can be found in the following articles and recitals in the GDPR.
Frequently asked questions
Read the frequently asked questions about data quality in the GDPR and its implications for research data management.