Prepare for processing personal data
Personal data is ‘any information relating to an identified or identifiable natural person’. If you collect, process or analyse personal data in your research project, this information is for you. Note that geotracks are considered as personal data.
The Geo Research Data Support Team is here to assist you in taking the right steps in handling data in your research – in data management, privacy, information security and submission to the Ethics Review Board (optional). The objective of the team is to support you as a researcher in the concept of a “one stop shop”.Members of this “virtual team” are geo’s data manager , privacy manager , Geo’s Research Support Office, UU’s Research Data Management, Geo-ICT.
When you design your research and plan to collect or process personal data, please take these steps:
A Data Management Plan (DMP) is a formal document that outlines how data are to be handled both during a research project, and after the project is completed. The goal of a Data Management Plan is to consider the many aspects of data management, metadata generation, data preservation, and analysis before the project begins. A Data Management Plan is required by all funders.
You can use DMPOnline for a tool. Create an account first if you haven’t done so before. Please indicate “Utrecht University” as your Institution to get relevant examples for your DMP.
Also, on DMPOnline you will find Data Management Plans that researchers at UU have created and shared and use them for “inspiration”. You will find these plans in DMPOnline’s Dashboard.
The Privacy Review can be done in collaboration with Geo’s Research Data Support team . An essential part of the Privacy Review is a privacy risk assessment and to determine what measures should be taken to mitigate risks (such as anonymisation, pseudonimisation, aggregation, obfuscation). Also, the Privacy Review will indicate if you need a Data Processing Agreement or other legal documents. Because privacy and security measures may require significant project design changes, or may take a significant amount of time to develop, it is important to start the privacy review as early as possible.
The outcome of this review is either :
- Privacy risks are low or can be mitigated effectively. Then no additional action is needed.
- The privacy risks are identified, mitigating measures are determined and the risks can NOT be mitigated effectively . Then the Privacy Review should be extended to a “Data Protection Impact Assessment”(DPIA). Geo’s privacy manager ( a member of the Research Data Support Team) will work with you to write this DPIA. Also, UU’s Data Protection Officer (In Dutch: “Functionaris Gegevensbescherming”) must be consulted. Geo’s privacy manager will be your spokesperson to the Data Privacy Officer (that is, if you agree, off course).
If the funder requires ethical approval or if you would an ethics review, submit your request to the Science-Geo Ethics Review Board (SG-ERB)
Submit your research proposal via the application form. The research proposal should be submitted to and approved by the SG-ERB before the start of the actual study.
Information regarding the procedure after submission you can be found here. Please supply your research proposal, the Data Management Plan and the Privacy Review as attachments to the application.