general data protection regulation (gdpr)...b3. sharing data findable, accessible, interoperable and...
Post on 01-Jan-2021
3 Views
Preview:
TRANSCRIPT
Data Management and General Data Protection Regulation (GDPR)
TiSEM 25-08-2020
• Formal document, drawn up at the start of the research project, but
dynamic;
• Outlines what you will do with your data during and after your research;
• Describes how you are planning to keep your data safe for the present
and the future.
The Tilburg University Research Data Office provides support.
What is a data management plan (DMP)?
• Administrative information;
• Description of roles and responsibilities;
• Description of the data;
• Handling (privacy) sensitive data;
• Data storage during and after the research;
• Metadata and documentation;
• Sharing and re-use (incl. ethical and legal issues).
Components of a DMP
Tips for writing a Data management Plan
• Storage and back-up: See https://www.tilburguniversity.edu/intranet/research-support/management/data-storage;
• Access: Think about privacy sensitive data → access limited?
IRB Submission Part 2B: DMP
Which phase
of the
research?
1. Storage Location:
Where are the data stored?
2. Storage Format:
Is the storage format in the list
above
3. Access to Data:
Can others than members of the
research team access the data in this
phase of the research?
A. Data
Collection
and Analysis
O TiU-a: <add
information>
O No, <add
information>
O No
O Other: <add
information>
O Yes O Yes, <add
information>
B. Data
Archiving
(min. period:
ten years)
O TiU-a: <add
information>
O No, <add
information>
O No
O Other: <add
information>
O Yes O Yes, <add
information>
B2 Meta data
What will be included in the metadata, and how it will be documented?
If you use a metadata standard, indicate which one.
→ What should be included:
1. Documentation = All information that is needed to enable reuse: administrative, descriptive, structural.
– E.g., methodology, analytical and procedural information, definitions of variables, units of measurement, reasons for missing values, etc.;
– How? E.g., README files, codebooks, text files, information included in data files or syntaxes.
2. Metadata = Machine readable data documentation.
– Help others identify and discover the data: Explain e.g., the purpose, creators, time, origin, location and access conditions of research data;
– Added when data are deposited in a repository;
– Metadata standard: For Dataverse: the Data Documentation Initiative (DDI): a widely used, international standard for describing data from the social, behavioral and economic sciences.
E.g., Title, author, description, subject, keywords, date of collection, etc.
IRB Submission Part 2B: DMP
B3. Sharing Data
Findable, Accessible, Interoperable and Reusable (FAIR):
• Findable: others can find your data (it is in a repository, with metadata and a persistent identifier);
• Accessible: others can access (part of) your data set, if issues such as privacy do not hinder this;
• Interoperable: people and machines can open the files and can combine this data set with other data sets through common (metadata) standards;
• Reusable: the above three, plus: others can understand the data and know how they can reuse it (e.g., the data is documented and licensed).
Data should be ‘open as possible, closed if necessary’;
B4. Storage of non-digital data
location, form, access
IRB Submission Part 2B: DMP
General Data Protection Regulation (GDPR) – Principles
LAWFULNESS
Tilburg University shall only process Personal Data if it is
lawful
PURPOSE LIMITATION
Tilburg University shall only process Personal Data if there is a
legitimate purpose
DATA MINIMIZATION
Tilburg University guarantees that Personal Data are relevant,
adequate and not excessive in relation to the purpose(s) for which they were collected.
ACCURACY
Tilburg University guarantees on the basis of reasonableness that the Personal Data are accurate.
SECURITY
Tilburg University shall take appropriate technical and
organizational measures against unauthorized and unlawful
processing of Personal Data and against accidental loss, erasure
or damage of Personal Data.
RIGHTS OF PARTICIPANTS
Tilburg University guarantees that action will be taken in line with the
rights of the individual whose Personal Data TiU processes.
ACCOUNTABILITY
Tilburg University can demonstrate that it meets the
above obligations.
Theme Policy Research
• The theme policy research provides researchers with insights on the
effects of the GDPR on Scientific Research
• Document and website about the GDPR and Scientific Research
• Offers guidelines and concrete support
• Data representatives
• TiSEM: Pam Dupont
Personal Data (IRB part 2C: C1 and C2 )
Any information relating to an identified or identifiable
natural person (‘data subject’);
Name
Online
IdentifierPicture
Identification
Number Combination
of data
PseudonymizationAnonymization
Special
personal data
IRB submission form 2 C3 – legal ground
• Lawfulness of processing
Processing shall be lawful only if and to the extent that at least one of the
following applies:
• Data sets: new, re-used (secondary use), public, web scraping
the data subject has given consent to the
processing of his or her personal data for
one or more specific purposes.
Implications of GDPR prior to starting the research
• Data can only be processed if there is a previously established goal
• Data minimization
IRB Submission form 2C (C3-C7)
• Data Agreements
• Programs and software: data processor agreements
Data Processing Register & DPIA (C9 & C10)
• Record of all personal data that is being processed at TiU, specified per
study, internal process and other activities;
• Integrated form for research for Institutional review, Data Management
and the Data Processing Register;
• Data Protection Impact Assessment (DPIA) – 2 out of 9 categories
Rights of Data Subjects
• Informed
• Access*
• Rectification*
• Erasure*
• Restriction*
• Data portability
• Object
• Automated Decision Making
* These can be restricted for scientific research
Implications while performing scientific research
• Collecting, analyzing and storing data
Access has to be limited
Safe storage
Data leaks
Sharing data with peers, translators, transcribers, etc.
Through a secure medium;
Outside of the university? A processor agreement might be required.
Solo research Internal collaborations
(within TiU)
External collaborations
Standard data TiU Network drive TiU Network drive
SURFdrive (up to 250 GB) SURFdrive (up to 250 GB) SURFdrive (up to 250 GB)
TiU Google Drive (up to 30 GB) TiU Google Drive (up to 30 GB) TiU Google Drive (up to 30 GB)
SharePoint teamsite (up to 1 GB) SharePoint teamsite* (up to 1 GB)
Confidential dataTiU Network drive
Protect your data
TiU Network drive
Protect your data
SURFdrive (up to 250 GB)
Protect your data
SURFdrive (up to 250 GB)
Protect your data
SURFdrive (up to 250 GB)
Protect your data
Secret dataTiU Network drive
Protect your data
TiU Network drive
Protect your data
Contact Research Data Office
Recommended storage facilities
* External researchers need a guest account. The access rights have to be renewed every year.
• Everybody as the right to correct and ethical use of their personal
data
• Thinking about your data in an early phase saves time later;
stimulates data documentation → helps you and others to
understand your data in the future;
• Correct and ethical use of data can improve reliability of results
and general trust in science
• Breach of regulations can lead to negative publicity, reputation
damage and fines
• Requirement of the university and funders – scientific integrity
includes responsible data management
Why comply? Be a trustworthy and responsible researcher!
top related