Banner-statico_2537x320.jpg

GDPR and research activities

Any research activity that deals with personal data must comply with EU Regulation on the protection of personal data 2016/679 ("GDPR"). "Personal data" means any information (data, video, audio, image ...) relating to an identified or identifiable natural person, called "data subject". The data controller could process personal data upon respect of GDPR obligations and the rights of the person concerned. Compliance with these rules must be ensured in all phases of research activities, both during the design and in the subsequent phase of implementation of the research.

Therefore, all research activities that use or collect data that can lead to the identification of natural persons, must analyse the type of data processed, the purposes and methods of processing, and carry out, where necessary, an "impact assessment" (Data Protection Impact Assessment - DPIA). For example, interviews, questionnaires, image acquisition, geo-referencing, processing of biomedical data, research on social networks process personal data.  

In addition, it is worth to underline that the communication and dissemination activities, common to all research projects, process personal data too. The organization of public events, informative and training initiatives, participation in trade fairs, creation of project web pages, and registration to newsletters are some examples of activities that process personal data.

Information sheets concerning data privacy settings need to be provided to the involved people in case researches foresee the following dissemination and communication activities:

  • To create a project website and update its pages with news, reports, images, publications, useful links to other initiatives, it is necessary to make available to users an information sheet concerning the policy adopted for navigation within the site and on the use of "cookies" on the site.
  • To organize research dissemination events (seminars, conferences, info days with stakeholders, training and educational events planned within research initiatives) it is necessary to provide information sheet concerning privacy data settings for those registered to the events.
  • To disseminate the photographs taken during an event, or video-interviews or images that contain recognizable people, it is necessary to provide information sheet concerning privacy policy and to have previously acquired the informed consent by involved people.
  • To register users for periodic newsletters, it is necessary to provide information sheet for recipients to notify they will receive the newsletter following registration and the possibility to cancel their name from the list of recipients.

It is fair to point out that the linked information sheets must be adapted according to the specific activities.

Ultimo aggiornamento  2022/01/13 12:31:41 GMT+2