Open data is research data that is freely available for anyone to download, modify, and distribute without any legal or financial restrictions.

The GDPR art. 9  takes special care of so called special categories of personal data (in Dutch: bijzondere persoonsgegevens), because processing these data may lead to discrimination or exclusion. Processing these is in principle forbidden, though there are several exceptions to this ban. If you plan to process one or more of these types of

A processor is a party which processes personal data on behalf of another party, called the controller. Where (part of) the processing is outsourced by the controller to a processor, for instance to a cloud service provider, the controller can be considered the client and the processor the contractor. The processor may act only on

The term “data subject” (in Dutch: betrokkene) is not defined in the GDPR , but from the context it is clear that the data subject is the person whose personal data are being processed.

A data management plan is a formal document you develop at the start of your research project which outlines all aspects of managing your data, both during and after your project. Data management is all about making your work efficient, and create more value for your data for yourself and others, during and after your

The Dutch Data Protection Authority has made a list of processing operations for which carrying out a DPIA is always mandatory. Check whether or not your processing operation meets at least two of the criteria in that list. If it does not, you have to assess for yourself whether your processing operation results in a

If you are a data controller (the party which determines the purposes and means of the processing of personal data) and you provide (some of) the personal data you are responsible for to another data controller (a party that determines their own purposes and means for processing those data), you need to enter into an

The person within your faculty who can help you with all personal data-related aspects of your research. Privacy contacts

The controller is the party that – alone or jointly with others – determines the purposes and means of the processing of personal data. Where (part of) the processing is outsourced, for instance to a cloud service provider, the controller can be considered the client and the other party the contractor. In GDPR terms, the

In the General Data Protection Regulation (GDPR), a ‘personal data breach’ is defined as ‘a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed’. You might think of a personal data breach as a situation in which a hacker

The term is a catch-all for all types of descriptions of data. Metadata is to inform researchers about different aspects of the research data. To give a few examples: The origin, or provenance, of the data. E.g. the specific location of a source in literature or an archive, or a description of the participants and

Raw data are the unprocessed data, the pure data which is as it is when collected, for instance non-anonymized interview audio, untransformed or uncleaned  survey data, data directly from ECG’s etc. They tend to contain personal data. Different universities/faculties have different policies with regards to these data. Some require deletion after anonymization, others demand that