Sometimes students carry out a survey as part of their graduation assignment without having implemented the education methodology.
More information is available on the Cyber Safety website, under Privacy, including the Guideline Privacy Rules.
Some graduation assignments require the processing of personal data.
If the student is going to participate in an existing project, the processing has already been registered by the responsible employee and is known by the Data Protection Officer team. In that case, the student does not need to take any further action.
However, if the research leads to a new processing, the student must register the processing, where the supervisor is recorded as the contact person. Report the processing via the registration button for processing, here you will also find the accompanying manual.
In any graduation study involving personal data, the supervisor must inform the student of internal appointments and safe practices and indicate the GDPR (General Data Protection Regulation). The supervisor points out to the student what is expected of him / her when working with personal data. More information about this, such as the guidelines privacy rules and the poster Personal data research protocol’ is available at the Cyber Safety website.
The GDPR states that the use of collected data for statistic or scientific research are compatible lawful processing operations, if the right measures are taken. We need to anonymize the data and we need to minimize the use of data in relation to the purpose of the research. We also need to erase the data as soon as possible. It is important to record the processing in the register of processings. Maybe a DPIA (Data Protection Impact Assessment) is necessary. Furthermore, we need to inform the data subjects about the use of their data for research.