Data Management & Privacy
The Faculty of Humanities provides support to researchers through a data manager and two privacy officers. These experts assist you with your questions on all aspects of research data management and personal data handling.
The officers also offer assistance to researchers with writing data management plans, archiving research data, obtaining DOIs, handling metadata, and conducting Data Protection Impact Assessments (DPIA).
Services
Why Data Management and Privacy Services?
A number of things have changed over the last years.
- In May 2018 the European General Data Protection Regulation (GDPR) came into force. Since then all research at the Humanities faculty involving human subjects must be GDPR-compliant.
- Since app. 2019 funders, like NWO, ZonMW and ERC have set up requirements with regard to FAIR research data.
- Since January 2020, all person-related research must be assessed by the Faculty Ethics Assessment Committee – Humanities.
- Since 2021, the Faculty’s data management policy was launched.
All these new rules and regulations have consequences for your research practice, both in the preliminary phase as well as during the research itself.
To name a few: your research should have a data management plan; when human subject are involved, your research must be assessed by the Faculty Ethics Assessment Committee – Humanities and your data sets need to be registered; financing parties want a copy of your Data Management Plan and possibly a written assessment of the Institutional Data Protection Officer; research participants need to sign a consent form before participation, etc.
The data manager and/or privacy officer can help you navigate these demands and the related deadlines.
Researchers
The privacy officer and data manager created a schematic overview outlining the necessary actions based on the type of research data you are handling.
Prerequisites and processing time
Action | Prerequisite | Processing time (approximately) | Outcome |
---|---|---|---|
Write DMP | Research plan, e.g. proposal | 1 week | A ‘ living’ document |
FETC assessment | – DMP – Consent forms – Information letters | 6 weeks | Assessment (either positive or revision required) |
Privacy scan | – DMP – Meeting PO | 2 weeks | A ‘living’ document |
Processing registry (in development) | – DMP | 1 week | Database entry |
DPIA | – DMP – Meeting PO | 12 weeks | Document |
Road map
One of the requirements for sound scientific research is a methodical and transparent approach within legal and institutional frameworks and ethical standards. Data management, privacy support, and ethical review provide the procedures to practically implement these principles. The road map covers the six most common research scenarios and two additional exceptional situations. For each of them, you will find a brief description of the tools and steps that are relevant in those cases.
If … then | DMP | Assesment FETC | Processing Registry (future) | Privacy scan | DPIA |
---|---|---|---|---|---|
No data, only references to finding places | ❌ | ❌ | ❌ | ❌ | ❌ |
In-house data | ✔️ | ❌ | ❌ | ❌ | ❌ |
Human subjects | ✔️ | ✔️ | ❌ | ❌ | ❌ |
Personal data – admin purposes only | ✔️ | ✔️ | ✔️ | ❌ | ❌ |
Personal data – for analysis | ✔️ | ✔️ | ✔️ | ✔️ | ❌ |
Sensitive data, sensitive or large-scale processing | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ |
What’s in it for you as a researcher?
All of the above are obligations. But what’s in it for you? Actually, quite a lot:
- The Data Management Plan enables you to structure your project data and to think over the data sets you are planning to collect.
- Writing an information letter or privacy statement forces you to think over and explain – in plain language – what your project is about, what you expect from your participants and how you are going to handle their personal data.
- Registration in our Data Processing Register (forthcoming) forces you to structure your work and makes it much easier to get your project accepted by the Faculty Ethics Review Commission
- A privacy scan or DPIA brings to light any risks for research might pose to your participants, and it helps you mitigate those risks before it’s too late.
- Ethical assessment is – in many cases – not only necessary to get your results published, but also to have the design of your research checked by experts.
Privacy basics for staff & students (online training)
One valuable resource is the e-learning course titled Privacy Basics for Researchers, which provides an introduction to the key concepts of the General Data Protection Regulation (GDPR) and their application in research. The module covers essential topics such as handling (sensitive) personal data, legal basis, informing participants, data protection measures, and data storage and sharing.
Accessible to anyone with a Solis-ID, this self-paced module requires approximately 1.5 hours The module takes about 1.5 hours and can be accessed by anyone with a Solis-ID.