An important distinction in this context is that between personal and non-personal data. Personal data includes all information directly or indirectly relating to a natural person, such as name, address, email, and phone number (directly identifiable), and gender, nationality, age, religion, and sexual orientation (indirectly identifiable).

 

It is important to identify whether you are going to collect any personal data because in that case the data management process should comply with the European ‘General Data Protection Regulation’ (GDPR) requirements. 

 

Be mindful of collecting only personal data that are strictly necessary for your research. When conducting your research, it is important that the volunteering participants are sufficiently informed about the research and give their explicit permission to use the information they provide (informed consent). This consent is provided through the Informed Consent Form that needs to be signed by each research participant.

 

To be able to use personal data in your research, the collected data should be anonymized (i.e., removing identifying information), pseudonymized (i.e., replacing identifying information), or encrypted (i.e., encoding identifying information). After collecting the data, you should also make sure that your data is safely stored and protected against hardware and software failure, theft, hacking, and loss. Data storage platforms should also comply with GDPR standards. Therefore, it is important that you do not store or share personal data (e.g., interview transcripts) on your personal Google Drive, iCloud, Dropbox, OneDrive, Gmail, etc. Instead, you should only use software (e.g., SPSS, R, Stata, Atlas.ti, Qualtrics) and storage provided by the university (e.g., TiU Google Drive).

You can find more useful information on research ethics, handling personal data, informed consent, and the protection of data in the Tilburg University LibGuide.