Get started

On this page: privacy checklist, project design, getting started
Date of last review: 2023-12-21

So you use personal data in your research: what steps do you need to take?

The one-pager below outlines the basic steps in every research project that uses personal data. You can use the rest of the Data Privacy Handbook to find more information about each of these topics:

Image with 10 steps towards privacy compliance in research: (1) Keep the GDPR in mind when designing your research: Do you need to collect personal data, why, and how much? (2) Make sure you have a legal basis to use personal data, e.g., public interest or consent (3) Document privacy risks and privacy-related decisions, e.g., in a Data Management Plan, privacy scan, or Data Protection Impact Assessment (4) Arrange ethics review. Ethics review makes sure that you have also taken ethical implications into account (5) Inform participants properly, e.g., in an information letter, oral script, privacy statement (6) Protect your data with organisational measures, e.g., access control, agreements with external parties, data protection policies, researcher training (7) Protect your data with technical measures, e.g., anonymise, pseudonymise, encrypt your data, use safe storage (8) Enable participants to exercise their rights, e.g., right to data access, correction, objection, erasure (9) FAIR data: balance risks and Open Science principles, e.g., share under restricted access, or only share metadata and materials (10) Ask for help when you need it! Contact your privacy officer or data steward for support Utrecht University RDM Support (2023). 10 steps towards privacy compliance in research. https://doi.org/10.5281/zenodo.10417513

The rest of this chapter outlines typical privacy issues and design solutions for several types of scientific research:

  • Interview studies
  • Webscraping (WIP)
  • Sensors and mobile devices (WIP)
  • Consortia (WIP)
  • … and possibly more

Utrecht University logo

Data Privacy Handbook

The information presented here is provided as is, with no guarantees of accuracy or completeness. For the most up-to-date information, please refer to your privacy officer, the university website or intranet. We cannot be held responsible for any negative consequences due to incorrect interpretation or use, and inconsistencies with policies/views of other institutions.

Privacy policy | Cite the Data Privacy Handbook