Skip to ContentSkip to Navigation
Research Research Data Management Data Protection & GDPR Data Protection

Roles & responsibilities

<Page under construction>


The GDPR defines various roles for natural persons and organisations that process personal data. For each role the GDPR establishes a set of obligations regarding the protection of the rights and freedoms of the person concerned:

  • the ‘data controller’, which ‘alone, or jointly with others, determines the purposes and means of the processing of personal data’, and
  • the ‘data processor’, which ‘processes personal data on behalf of the controller’.  

The UG uses a data processing agreement template that is based on the SURF template. It is appropriate for situations in which the UG is the controller and another party is the data processor. You can acquire the UG template at the Department of Administrative and Legal Affairs (ABJZ). For more information consult the Privacy Portal (on My University).

Internal responsabilities

The GDPR and the Netherlands Law on Higher Education shape the internal responsibilities for research. These responsibilities are elaborated in the UG Data Protection Policy, and they are in interplay with Codes of conduct on research integrity, ethical code of conduct and discipline-specific data management policies.  

Every faculty or service unit within the UG has at least one privacy & security coordinator who supports the privacy-proofing of that faculty or service unit and coordinates the execution of the duties of their board or directorate. The privacy & security coordinator is the first point of contact for privacy-related questions from staff members of that faculty or service unit [1]. For more information and contacts consult the Privacy Portal (on My University).

The Data Protection Officer (DPO) is responsible for supervising compliance with the privacy laws and regulations and the privacy policy. The Data Protection Officer provides advice to all administrative layers of the University and, together with the information security manager and the IT auditor, advises the board of the University on the annual action plan of the faculty or service department for information security and privacy protection.

RDO can help you to identify best practices and to further develop transparency about the internal and external responsibilities in your research project.

[1] G eneral Policy on Protection of Personal Data University of Groningen, June 2018

Last modified:11 February 2020 12.48 p.m.