This chapter will present the most important definitions, principles and rights of data subjects outlined in the GDPR and how it applies to your research. Most of the practical advice that we provide in this Handbook will be rooted in and builds on the concepts presented here.

Chapter summary

The GDPR is a EU-wide regulation that controls the processing of personal data. If you process personal data, you should:

  • Make sure you have a legal basis to process the data. In research, this is often informed consent.
  • Be transparent and fair towards data subjects.
  • Be specific in which personal data you process and for what purposes. Limit the amount of data you process to what is necessary, and only store the data for that necessary amount of time.
  • Protect the confidentiality of the data by incorporating privacy by design into your project from the start.
  • Make sure your data subjects can exercise their data subjects’ rights, and they know how to do so.