Privacy & Security
What
Privacy focuses on minimising and protecting identifiable information. It includes:
- collecting only the personal data you truly need
- keeping identifiers separate from research data
- using pseudonymisation as early as possible
- ensuring appropriate consent/assent and necessary agreements are in place
- limiting access to identifiable data to authorised team members
- documenting decisions about what data you collect and why
- deleting or anonymising data when it is no longer needed
Security focuses on safeguarding data against loss, misuse, or unauthorised access. It includes:
- storing data in secure, approved environments
- using secure methods for sharing and transferring data, such as encryption
- avoiding personal devices and unsupported cloud tools
- restricting access to authorised users only
- keeping secure logs of decisions and data-handling procedures
- ensuring data is handled and transferred through trusted channels
Why
Following best practices in privacy and security ensures that personal data - especially involving children and adolescents - are handled safely, lawfully, and ethically. These practices are relevant to every stage of your project: from collection to storage, processing, and sharing. Paying attention to these practices safeguards participants’ rights, reduces the risk of data breaches, and protects the integrity of your research. It ensures compliance with the GDPR (General Data Protection Regulation), as well as relevant institutional policies.
When
Being mindful of privacy and security from the start will improve your workflow and reduce risks later on. That’s why you should address these issues during the planning phase of your project, before even collecting any data . This is the moment to determine what personal data you will collect, whether a Data Protection Impact Assessment (DPIA) is required, and which secure systems you will use.
Still, privacy and security are not a one-time check. You may need to revisit them during the project, particularly when new partners join, data flows shift, or additional types of data are introduced.
How
The one-pager below outlines the basic steps in every research project that uses personal data, please refer to the Data Privacy Handbook to find more information about each of these topics.
Resources
The information below is borrowed from the Seeking help at Utrecht University chapter from the Data Privacy Handbook.
In addition to the Data Privacy Handbook, there are several resources available to support you with building and maintaining privacy & security into your research projects:
Education
Tools & Services
- The UU Tooladvisor lists tools that are GDPR-compliant and safe to use.
- The webpage on Privacy Engineering Tools outlines tools and packages to deidentify, encrypt, synthetise and otherwise work with personal data.
Online Information
UU-wide
- Website: Research Data Management Support
- Intranet: Privacy (UU?)
- Intranet: Information Security (UU?)
Faculty-Specific
- Geosciences: RDM and privacy, ethics
- Science: RDM and privacy, ethics
- Social and Behavioural Sciences: tech support, ethics
- Humanities: RDM and privacy, ethics
- Law, Economics and Governance: RDM and privacy, ethics
- Veterinary medicine: Research Support Office
- Medicine: ethics, data management-related information can be found on UMCU Connect.
In-Person Support
The first point of contact about privacy are the Privacy Officers of your faculty.
Besides the privacy officer, you can also ask for help from:
- Your local data steward/data manager (see websites above) or Research Data Management Support.
- Information security.
- In some faculties, the Research Support Officemay be of help in drafting agreements.
- If you suspect a data leak or data breach, contact the Service Deskimmediately.