Rights of data subjects
Researchers must inform their human data subjects about their research, risks and measures to protect the privacy of their data subjects.
Rights of human data subjects
The main objective of the GDPR is to protect the rights and freedoms of data subjects (i.e., human, living individuals). To reach this goal, the GDPR defines a set of rights that individuals can exercise regarding their personal data. For researchers, it is important to be aware that these rights also apply to human data subjects in their research projects.
Communication about the rights
Researchers must inform their human data subjects carefully and thoroughly about their research, risks and measures to protect the privacy of their data subjects. This also includes the communication of the rights to data subjects in your research project to enable them to exercise their rights.
Restriction of the rights
In some situations, it might negatively affect your research if your data subject would exercise their rights (e.g., right to erasure: keeping data for verification purposes). The GDPR recognizes the importance of scientific research and therefore also defines exceptions specifically for scientific research (art. 89-2 of the GDPR). The exceptions are not an exemption to all requirements in the GDPR; they only aim to provide exceptions to specific data subjects' rights in specific situations. The use of these exceptions requires additional safeguards (art. 89-1 of the GDPR), for which you as a researcher are responsible.
The DCC can help you choose and implement these safeguards.
How can data subjects exercise their rights?
It is important to realize that your data subjects may exercise their rights. Any questions, complaints or objections involving the rights of data subjects who take part or have participated in scientific research conducted by staff of the University of Groningen should be addressed to the privacy officers of the legal department of the University of Groningen through privacy rug.nl. This information will always be shared with the Data Protection Officer (DPO) of the University of Groningen.
|05 February 2024 1.45 p.m.