Since the General Data Protection Regulation (GDPR) came into effect, organizations such as universities are required to appoint a data protection officer (DPO, in Dutch: functionaris voor de gegevensbescherming). The DPO’s main job is to oversee the application and observance of the GDPR within the organization. As an internal supervisor the DPO is independent. The

A DOI, or a Digital Object Identifier, is what is being called a persistent identifier. It offers a reference to an object somewhere available on the internet. A DOI is a code which, when prefixed with ‘https://doi.org/’ leads you to a webpage, also landing page, describing the object. DOI’s in the Netherlands are being distributed

A DPIA is a risk-inventory assessment. In Dutch a gegevensbeschermingseffectbeoordeling (GBEB). A DPIA is sometimes recommended and in some situations it is required by law (GDPR Art. 35). This is the case when there is a possibility of a high risk to the ‘rights and freedoms’ of data subjects. According to the GDPR, such a

Each Dutch University has a Computer Emergency Response Team, which needs to be informed in case you suspect misuse of university information, systems, equipment, a data breach or if you want to report a calamity? CERT is available 7 days a week (8.30 – 23.00): In case of emergency: +31 (30) 253 5959 No urgency:

Archiving research data means storing it for a long term in a fixed state. Normally you do so in a data archive or a repository. The difference between the two is that, in contrast to an archive, a repository has mechanisms for finding and retrieving the data, e.g. through a data catalogue and a download

Anonymized data is data which does not contain (or which has been cleaned of) all occurrences of personal data which can directly or indirectly identify a natural person. Anonymized data is not subject to the GDPR. Please note: in case of indirect identification, data is not considered anonymous, Indirect identification can take place in different