This chapter gives an overview of the data protection issues that may arise in the course of research once the processing of personal data has already started. The chapter deals with ensuring security, anonymisation, pseudonymisation and responding to possible breaches.
Despite careful planning, unexpected problems may arise during the research process. It is also important to be aware of the possibility that people involved in research may wish to exercise their rights and make requests or other demands for their data.
3.1. How to ensure the security of personal data processing?
3.1.1. Systematic management of information security.
3.1.2. Needs-based access to personal data.
3.1.3. Secure transfer of data.
3.1.4. Secure storage of data.
3.1.5. Backing up data.
3.1.6. Awareness of the possibility of breaches.
3.1.7. Appropriate services, software and tools for processing personal data.
3.2. What to consider when personal data is transferred from one country to another?
3.2.1. European Union member states, Iceland, Liechtenstein and Norway
3.2.2. Third countries with an adequate level of data protection.
3.2.3. Other third countries.
3.3. Why and how to pseudonymise personal data?
3.3.1. Causes and timing of data pseudonymisation.
3.3.2. Pseudonymisation entities.
3.3.3. Methods of data pseudonymisation.
3.4. Why and how to anonymise personal data?
3.4.1. Causes and timing of data anonymisation.
3.4.2. Anonymisation entities.
3.4.3. Methods of data anonymisation.
3.4.4. Avoiding the linking of data and persons.
3.4.5. How to conduct an anonymous survey?
3.5. What to do in the event of a data breach?
3.5.1. Data breaches must be reported immediately.
3.5.2. Be prepared to share information after a breach has been reported
3.5.3. Possible consequences of the breach.
3.6. What to do if the data subject makes a request about their data?