GDPR: who are considered to be vulnerable persons?
Sometimes mention is made of vulnerable natural persons in the context of the General Data Protection Regulation (GDPR).
Examples
- minors
- pregnant women
- the elderly
- people with mental disorders
- asylum seekers
- people with disabilities
- ethnic minorities
- the sick and patients
These are often persons who are legally incompetent, persons who cannot give their consent, or persons who may suffer very adverse consequences if their personal data were to become publicly available (see also European Commission, (2021) “Ethics in Social Science and Humanities” Guidelines, page 11).
If you want to include vulnerable people in your research, you need to justify it. The question you need to answer here is: can the research results be obtained by including another, less vulnerable group in your research?
Fulfilment of the criterion of vulnerable person is highly dependent on the context of your research. For example, a research project that incorporates political preferences will entail a much higher risk if this occurs in repressive regimes.
Implications for data processing
The processing of personal data of vulnerable persons can give rise to a DataProtection Impact Analysis (a risk analysis, included in the GDPR register).
In addition, this will also affect how you must provide information to the data subjects and ask for consent from the data subjects.
More information
More tips
- GDPR: Can I share research data with personal data with other researchers or institutions when my research project has ended? (Research integrity & ethics)
- GDPR: how can I ensure that the processing of personal data is lawful? (Research integrity & ethics)
- GDPR: how do I protect my data correctly? (Research integrity & ethics)
- GDPR: how do I register personal data processing activities? (Research integrity & ethics)
- GDPR: how long may I store research data containing personal data? (Research integrity & ethics)
- GDPR: how to be transparent to data subjects in my research? (Research integrity & ethics)
- GDPR: what are personal data? (Research integrity & ethics)
- GDPR: what are some things to consider when processing personal data from minors? (Research integrity & ethics)
- GDPR: What are the basic principles? (Research integrity & ethics)
- GDPR: What are the different roles and responsibilities according to the GDPR? (Research integrity & ethics)
- GDPR: What do I need to think about when transferring personal data to third countries or international organisations? (Research integrity & ethics)
- GDPR: What do I need to think about when using a mailing list in the context of my research? (Research integrity & ethics)
- GDPR: what has changed with regard to the previous privacy legislation? (Research integrity & ethics)
- GDPR: What information should I include in an informed consent form when the processing of personal data is based on the consent of the data subjects? (Research integrity & ethics)
- GDPR: what is the General Data Protection Regulation? (Research integrity & ethics)
- GDPR: What rights do data subjects have, how do I respect them and what exceptions may apply to research? (Research integrity & ethics)
- GDPR: what should I do in case of a data breach? (Research integrity & ethics)
- GDPR: What should I do in the event of further/secondary processing of personal data? (Research integrity & ethics)
- GDPR: What should I keep in mind when designing my research? (Research integrity & ethics)
- GDPR: what should I keep in mind when processing special categories of personal data? (Research integrity & ethics)
- GDPR: What should I think about when I collaborate with others or share my data? (Research integrity & ethics)
- GDPR: When am I processing high-risk personal data and when do I need to conduct a DPIA? (Research integrity & ethics)
- GDPR: when does it apply to my research? (Research integrity & ethics)
- GDPR: why is it important to comply with this legislation? (Research integrity & ethics)
Translated tip
Last modified Aug. 28, 2024, 10:05 a.m.