Roles & responsibilities
<Page under construction>
The GDPR defines various roles for natural persons and organisations that process personal data. For each role the GDPR establishes a set of obligations regarding the protection of the rights and freedoms of the person concerned:
- the ‘data controller’, which ‘alone, or jointly with others, determines the purposes and means of the processing of personal data’, and
- the ‘data processor’, which ‘processes personal data on behalf of the controller’.
The UG uses a data processing agreement template that is based on the SURF template. It is appropriate for situations in which the UG is the controller and another party is the data processor. You can acquire the UG template at the Department of Administrative and Legal Affairs (ABJZ). For more information consult the Privacy Portal (on My University).
The GDPR and the Netherlands Law on Higher Education shape the internal responsibilities for research. These responsibilities are elaborated in the UG Data Protection Policy, and they are in interplay with Codes of conduct on research integrity, ethical code of conduct and discipline-specific data management policies.
Every faculty or service unit within the UG has at least one privacy & security coordinator who supports the privacy-proofing of that faculty or service unit and coordinates the execution of the duties of their board or directorate. The privacy & security coordinator is the first point of contact for privacy-related questions from staff members of that faculty or service unit . For more information and contacts consult the Privacy Portal (on My University).
RDO can help you to identify best practices and to further develop transparency about the internal and external responsibilities in your research project.
 G eneral Policy on Protection of Personal Data University of Groningen, June 2018
|Last modified:||11 February 2020 12.48 p.m.|