GDPR: Can I share research data with personal data with other researchers or institutions when my research project has ended?
The GDPR does not prevent research data containing personal data from being shared with other researchers for reproducibility and reuse after the research.
What are the conditions for the reuse of personal data?
- Sufficient technical and organizational measures must be taken such as pseudonymization, limitation of access to the data, encryption, ...
- The principle of data minimisation must be respected (do not collect/process more personal data than necessary and do not transmit more personal data than necessary).
- If the research goal of the reuse can be achieved with anonymous data, this is definitely preferred.
- The purpose of the reuse must fall within the expectations of the data subjects.
- When collecting data, explicit permission must be requested for the reuse of the data (see also this research tip).
If pseudonymised data are shared with third parties for the purpose of reproducibility or reuse, you must clearly describe in the GDPR register how this is done and what technical and organisational safeguards have been taken to protect the rights of the data subjects.
More tips
- GDPR: how can I ensure that the processing of personal data is lawful? (Research integrity & ethics)
- GDPR: how do I protect my data correctly? (Research integrity & ethics)
- GDPR: how do I register personal data processing activities? (Research integrity & ethics)
- GDPR: how long may I store research data containing personal data? (Research integrity & ethics)
- GDPR: how to be transparent to data subjects in my research? (Research integrity & ethics)
- GDPR: what are personal data? (Research integrity & ethics)
- GDPR: what are some things to consider when processing personal data from minors? (Research integrity & ethics)
- GDPR: What are the basic principles? (Research integrity & ethics)
- GDPR: What are the different roles and responsibilities according to the GDPR? (Research integrity & ethics)
- GDPR: What do I need to think about when transferring personal data to third countries or international organisations? (Research integrity & ethics)
- GDPR: What do I need to think about when using a mailing list in the context of my research? (Research integrity & ethics)
- GDPR: what has changed with regard to the previous privacy legislation? (Research integrity & ethics)
- GDPR: What information should I include in an informed consent form when the processing of personal data is based on the consent of the data subjects? (Research integrity & ethics)
- GDPR: what is the General Data Protection Regulation? (Research integrity & ethics)
- GDPR: What rights do data subjects have, how do I respect them and what exceptions may apply to research? (Research integrity & ethics)
- GDPR: what should I do in case of a data breach? (Research integrity & ethics)
- GDPR: What should I do in the event of further/secondary processing of personal data? (Research integrity & ethics)
- GDPR: What should I keep in mind when designing my research? (Research integrity & ethics)
- GDPR: what should I keep in mind when processing special categories of personal data? (Research integrity & ethics)
- GDPR: What should I think about when I collaborate with others or share my data? (Research integrity & ethics)
- GDPR: When am I processing high-risk personal data and when do I need to conduct a DPIA? (Research integrity & ethics)
- GDPR: when does it apply to my research? (Research integrity & ethics)
- GDPR: who are considered to be vulnerable persons? (Research integrity & ethics)
- GDPR: why is it important to comply with this legislation? (Research integrity & ethics)
Translated tip
Last modified Aug. 28, 2024, 9:51 a.m.