The EU General Data Protection Regulation (GDPR) comes into effect on 25 May, 2018.
What is the GDPR?
The European Parliament adopted the GDPR in April 2016, replacing an outdated data protection directive from 1995. It carries provisions that require businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. The GDPR also regulates the exportation of personal data outside the EU.
GDPR has raised also the standard required of researchers handling personal data. For researchers, it is not only essential to be aware of and to follow the best practices in their field or discipline, but also to identify the appropriate legal basis for data processing.
During the recent LIBER webinar on GDPR and implications for researchers, speakers Maria Rehbinder (Senior Legal Counsel at Aalto University and Certified Information Privacy Professional) and Marlon Domingus (Data Protection Officer at Erasmus University Rotterdam) took a look at how GDPR relates to research data management. The focus is on the lawful bases for processing data (in particular Article 6.1e) and protections for ‘academic expression’ as outlined in Article 85 of the GDPR.
Researchers will need GDPR compliant data management plans and/or arrangements in order to meet the other data processing and security principles.
Researchers will also need to ensure that they supply all information required by Article 13 and Article 14 to research participants, explaining how participants personal data will be used in the project.
- The General Data Protection Regulation (GDPR) : what is it all about?
- General Data Protection Regulation: Guidance to Dgroups Foundation from WA-Research
- GDPR Data Portability and Core Vocabularies published: read new ISA2 study
- EDM Council Report Finds Data Management Key to GDPR Compliance, by A.R. Guess, Dataversity, May 22, 2018
- LIBER Webinar: Turning FAIR Data Into Reality (recorded LIBER webinar)
- GDPR, ORCID, and You, by Joe Schwarze, ORCID blog, 2018-05-21
- The Data Protection Act and the General Data Protection Regulation (UK Data Service)
GDPR Day Is Here – What Happens Next?, by SCHOLARLY KITCHEN, May 25, 2018
- GDPR : Reality Check: Who controls your data?, by Lora Jones, BBC News, 25 April 2018
- This checklist from the U.K. Information Commissioner’s Office highlights 12 steps you can take to begin preparing now for the GDPR, which will come into effect in 2018
- GDPR Guidebook for PKP Users, by James MacGregor, Public Knowledge Project, April 30th, 2018
- The InfoQ eMag: Perspectives on GDPR, by InfoQ, April 16, 2018
- So, What is Data Mapping and Why is it the Key to GDPR Compliance?, by Richard Macaskill, April 25, 2018, Dataversity
- GDPR: What does it mean for research and repository managers? (Recorded webinar, JISC, 2018)
- Data Governance 2.0 at the Hub of Data Curation, by Michelle Knight , April 26, 2018, Dataversity
- Most data is about multiple people – what does that mean for data portability? (Open Data Institute, May 11, 2018)
- Open Data Charter Measurement Guide (Open Knowledge International, 2018) analyses the Open Data Charter principles and how they are assessed based on current open government data measurement tools. Governments, civil society, journalists, and researchers may use it to better understand how they can measure open data activities according to the Charter principles.
Big Data vs. Smart Data, by By Keith D. Foote, Dataversity, May 10, 2018