The data files you work with have specific formats. The definitions of these data can be open (so called open formats) or proprietary formats, e.g. file formats of commercial vendors like Microsoft (.docx, xlsx). The open formats are in general maintained by the community and are, in general backward compatible. So if you open an

Pseudonymized data is defined in the fifth definition of art. 4 of the GDPR. Unlike anonymising, pseudonymising is not a method to make data unidentifiable. It actually is a way of protecting personal data in a safer manner. It is a legal term that means that personal data can no longer be linked to an

Archived research data can (and should) be published. Data publication is a somewhat misleading concept. What is being published is the metadata of your data package. The data itself remains stored in the archive, e.g. YoDa, DataVerse of FigShare. Once you publish your data you get a DOI and are able to refer to the

Processing of (research) data is defined in the second definition of art. 4 of the GDPR. Be aware that processing is much more than only storing data. It covers all activities with data, ranging from reading a file (or piece of paper), sending data per mail, transporting it from a handheld device to a laptop

An ORCID is a persistent identifier for persons and are used to be able to refer uniquely to a person. The ORCID is the emerging standard. Other standards, like ScopusID (Elsevier) or ResearcherID (Web of Science) are already resolvable to ORCID’s. At the UU the ORCID is the preferred standard for reference to persons.

You can only process personal data when you have la legal ground (art. 6 GDPR). The GDPR lists six possible lawful bases (legal grounds) for processing. Not all of them are used when doing research. The two most commonly used legal grounds for doing research are consent and public interest. There are situations, e.g. if you

According to the GDPR , personal data is ‘any information relating to an identified or identifiable natural person’. That seems very abstract and it is, for a reason: a lot is covered under that description. People often think of a name, date of birth or email address when it comes to personal data, but it entails

The processing registry is where all data processing activities in which personal data are involved should be registered (GDPR art. 30). Universities have different solutions for this registry. Some are organized at faculty-level, some centrally. A general registration obligation for all UU research studies is expected in the future.

A Key File is a file which results from anonymizing activities. It contains personal data elements (e.g.) a name) and a code with which the occurrences of that name is replaced within the transformed data files. With key files data can be re-identified. Hence they should never be stored on the same locations as the

The General Data Protection Regulation (GDPR, in Dutch: Algemene verordening gegevensbescherming, AVG) is the legal framework in the EU for the protection of personal data of natural persons (living individuals). Each member state has a national implementation of this framework. In the Netherlands this is called the Uitvoeringswet Algemene Verordening Gegevensbescherming (UAVG). The national implementations

FAIR is an ideal for data (and research) and is part of the Open Science idea. FAIR Data stands for Findable, Accessible, Interoperable and Reusable. Findability is warranted by demanding each archived data package has a DOI attached to it. With regards to Accessibility, this depends on the nature of the data. Data packages containing

An agreement between a data controller and a data processor (GDPR art. 4, definitions 7 & 8). The data controller is the party which determines the purposes and means of the processing operation. The data processor processes personal data on behalf of the data controller. If you process personal data but are not fully in