European Privacy Day: How does NSCR handle personal data in scientific research?

NSCR processes personal data for the purpose of conducting scientific research, often special personal data in view of NSCR's research programme. As a research institute, we therefore attach great importance to the careful handling of this personal data. To provide support in working with this data in the right way - in which, among other things, the privacy legislation (GDPR) sets frameworks - the NSCR has a Privacy Coordinator. For example, it helps the researchers by advising on risks within the scientific research or by carrying out a Data Protection Impact Assessment (DPIA). This is an assessment of the privacy risks associated with the processing of personal data, which is done before the investigation starts.

In order to support the institute as well as possible, various processes have been set up to help comply with privacy obligations. When researchers want to start a new study, they fill in a Data & Privacy Questionnaire. This questionnaire answers various data management and privacy questions, such as which personal data the researcher wants to process and how this is done. This questionnaire therefore serves directly as a pre-DPIA, because it is assessed whether the current investigation concerns such a high risk to the privacy of data subjects that a DPIA must be carried out. If that turns out to be the case, the investigator will start with the DPIA and the Privacy Coordinator will ensure further improvement and completion of this DPIA.

When NSCR collaborates with external parties, privacy is also of paramount importance. For example, NSCR makes legal agreements with these parties where necessary. These are, for example, processing agreements or data supply agreements. The data subjects, whose personal data are processed in research, are also informed of the purpose of the research and how the processing of their personal data is done within this research. To this end, NSCR has a privacy statement for participants in scientific research (see privacy statement), which has also been specially created for various target groups that have a lower command of written Dutch.

With the introduction of the Privacy Days, NSCR contributes to raising awareness within the research institute about the handling of personal data and the possible risks involved. During these Privacy Days, information was shared with colleagues, the Privacy Questions and Ideas Box was introduced – where colleagues can anonymously submit their privacy question or idea to take NSCR further – and pastries with privacy tips were handed out today on the official European Data Protection Day. Successful days that contribute to awareness and safe handling of personal data within scientific research by NSCR!

If you would like to know more about this subject, please contact Privacy Coordinator Quincy van Opzeeland via privacy@nscr.nl