In this Blog post, Robin Rice, Data Librarian at the University of Edinburgh, introduces a case study: Personal data: What does GDPR mean for your research data?
Dr. Niamh Moore talks about how research has evolved to take data protection and ethics into account, focusing on the time-honoured consent form, and the need to take “a more granular approach” to consent: subjects can grant their consent to be in a study, but also to have their data shared–in the form of interview transcripts, audio or video files, diaries, etc., and can choose which of these they consent to and which they do not.
Consent remains a key for working with human subjects ethically and legally, but at the University of Edinburgh and other HEIs, the legal basis for processing research data by academic staff may not be consent, it may simply be that research is the public task of the University. This shifts consent into the ethical column, while also ensuring fair, transparent, and lawful processing as part of GDPR principles.
I was invited to contribute to the video as well, from a service provider’s perspective because our Research Data Support team advises and trains researchers on working with personal and sensitive data. One of my messages was of reassurance, that actually researchers already follow ethical norms that put them in good stead for being compliant with the Law.
Indeed, this is a reason that the EU lawmakers were able to be convinced that certain derogations (exceptions) could be allowed for in “the processing of personal data for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes,” as long as appropriate safeguards are used.
Our short video brings out some examples, but we could not cover everything a researcher needs to know about the GDPR – the University of Edinburgh’s Data Protection Officer has written authoritative guidance on research and data protection legislation for our staff and students and has also created a research-specific resource on the LEARN platform. Our research data support team also offers face to face training on Working with Personal and Sensitive Data which has been updated for GDPR.
I have tried to summarise how researchers can comply with the GDPR/UK Data Protection Act, 2018 while making use of our Research Data Service in this new Quick Guide–Research Data Management and GDPR: Do’s and Don’ts. Comments are welcome on the usefulness and accuracy of this advice!
Data Librarian and Head, Research Data Support
Library & University Collections
Lien vers la source : http://bit.ly/2BE00OV