Privacy & Ethics

Proper privacy and security practices ensure that personal data, especially involving children and adolescents, is handled safely, lawfully, and ethically. It covers how you collect, store, process, share, and protect data throughout your project, and ensures compliance with GDPR and Utrecht University policies.

Why Is Privacy & Security Important?

Paying close attention to privacy and security protects your participants’ rights and safety, especially when working with vulnerable groups such as minors. It helps prevent data breaches, protects the integrity of your research, and ensures that you meet all legal and ethical obligations.

When Should You Address Privacy & Security?

Being mindful of privacy and security from the start will improve your workflow and reduce risks later on. That’s why you should address these issues before even collecting any data during the planning phase of your project. This is the moment to determine what personal data you will collect, whether a DPIA is required, and which secure systems you will use.

Still, privacy and security are not a “one-time check.” You may need to revisit them during the project, particularly when new partners join, data flows shift, or additional types of data are introduced.

What Does Good Privacy & Security Look Like?

Good privacy practice focuses on minimising and protecting identifiable information. It includes: • collecting only the personal data you truly need • keeping identifiers separate from research data • using pseudonymisation as early as possible • ensuring appropriate consent/assent and necessary agreements are in place • limiting access to identifiable data to authorised team members • documenting decisions about what data you collect and why • deleting or anonymising data when it is no longer needed

Good security practice focuses on safeguarding data against loss, misuse, or unauthorised access. It includes: • storing data in secure, approved environments • using secure methods for sharing and transferring data, such as encryption • avoiding personal devices and unsupported cloud tools • restricting access to authorised users only • keeping secure logs of decisions and data-handling procedures • ensuring data is handled and transferred through trusted channels

Tools & Support

Several UU services can help you work safely with personal data: