General Data Protection Regulation
Pursuant to Article 30 of the EU General Data Protection Regulation (GDPR) 2016/679, all activities involving the processing of personal data must be recorded in a record of processing activities.
The German-language data protection portal for Hamburg universities provides extensive data protection information regarding research. Article 30 (1)–(5) are particularly relevant for researchers and survey participants, and can be found here:
Research and the data processing associated with it must be conducted in accordance to the GDPR. This requires 2 steps:
- Register your data processing activity using the online VVT+ form on the Sharepoint page of the information security officer of Universität Hamburg: http://uhh.de/rrz-vvt
- Fill out the risk analysis and documentation form, and keep it with your files so that you can present it to the information security officer on request.
You will find the most significant information on satisfying the legal data protection provisions, along with the documents to be filled out, on Universität Hamburg’s German-language integrated information security and data protection page.