GDPR in research: transparency
This website provides information about transparency in the context of the GDPR in research:
The GDPR requires the controllers to be transparent to data subjects about the processing of their personal data. That means that data subjects should be informed about which personal data is processed, for which purpose, to whom data are accessible and for how long, and how data are securely stored. In many cases, written consent is required before processing of personal data is allowed.
Be aware that written consent is not the only base to process personal data. For more information see article 6 GDPR. You find a link to this article at the end of this chapter.
When written consent is used as base for the processing of personal data, the following applies:
- Research participants should be informed about personal data processing through an information brochure and give their permission by signing an informed consent form (together: informed consent procedure).
- The informed consent procedure should include at least the following information concerning processing of personal data:
- Which personal data is processed and for which purpose, to whom data are accessible and for how long and how data are securely stored.
- Contact details of the controller (RU) and the controllers’ representative.
- Contact of for instance the data protection officer (functionaris gegevensbescherming).
- If the controller intends to share data outside the current research project and under which conditions or restrictions.
- Information about participants’ rights concerning data processing (transparency, information and access, rectification and erasure, data portability).
- For how long data are preserved and when they are disposed.
- Withdrawal of consent, and what this means concerning the usage of data.
- Ask yourself which personal data you need to collect and for which purpose (see the principle of data minimisation).
- Add a data section to your information brochure and informed consent form. For instance, the CCMO model proefpersonen informatie (section 10; in Dutch) has such a data section.
More information about transparency can be found in the following recitals and articles in the GDPR.
Frequently asked questions
Read the frequently asked questions about transparency in the GDPR and its implications for research data management.