...

As data protection issues overlap with those of data management, it is recommended to deal with both simultaneously. For example, if a project involves pseudonymisation of personal data for security, this can be planned early on: how it will be done, who will have access to the key or the data, and what will be done with the key at the end of the project. All these decisions should be written down in the data management plan (see 2.2.1).

2.1. Where to start when personal data are to be processed in research?

2.2. How much personal data needs to be documented in research?

2.2.1. Data management plan

...

2.2.5. Data protection impact assessment

2.2.6. Informed consent

2.3. What must the consent include?

2.3.1. Consent must be freely given

...

2.3.7. Consent must be easy to withdraw

2.4. What to consider when personal data are processed without consent?

2.4.1. Data must be pseudonymised or additional requirements met

2.4.2. Reference should be made to the legal provision

2.5. How to ensure the lawful processing of personal data?

2.5.1. The legal basis is determined before the processing of personal data starts

...

2.5.4. People are given as much freedom of choice as possible

2.6. How to ensure fair processing of personal data?

2.6.2. It must be possible to communicate directly with the controller

...

2.6.6. Processing of personal data is ethical

2.7. How to ensure transparent processing of personal data?

2.7.1. Provided information is clear, understandable and relevant

...

2.7.4. In the case of joint liability, a clear distinction must be made as to what each person is liable for and to what extent

2.8. What to consider when using secondary personal data?

2.8.1. Secondary use may be compatible with the original purpose

...

2.8.7. Secondary use of disclosed personal data

2.9. How to respect people’s rights over their data in research?

2.9.1. Right to be informed about the processing of personal data

...

2.9.8. Right to be protected against automated decision-making

2.10. What to consider when processing the data of vulnerable people?

2.10.1. Vulnerable persons and groups

...

2.10.3. Processing of vulnerable persons’ data may jeopardise their rights and interests

2.11. What to consider when processing special categories of personal data?

2.11.1. Processing special categories of personal data without consent requires the ethics committee’s approval

...

2.11.3. The concept of special categories of personal data can be difficult to apply

2.12. How precisely should the purpose of the study be formulated?

2.13. When is the ethics committee’s approval needed?

2.13.1. Statutory obligation

...

2.13.3. Ethical considerations

2.14. How to assess the risks associated with personal data processing?

2.14.1. General method of risk assessment

...

2.14.3. Preparing a data protection impact assessment

2.15. What to consider when processing children’s personal data?

2.15.1. Minors cannot give consent but must be asked to assent to the processing of their data

...

2.15.3. Legitimate interest cannot be the legal basis for processing a child’s personal data

2.16. What to consider when processing the data of deceased persons?

2.16.1. Protection of deceased persons’ data serves to protect other people

...