Personal data
Contents
Personal data¶
Definition of personal data¶
Personal data is information about living people who can be identified using the data that you are processing, either directly or indirectly.
For example, a person’s name, address or other unique identifier such as their Social Security number.
“Data related to the deceased are not considered personal data in most cases under the GDPR.”
Indirect identifiers include health, economic, cultural or social characteristics. Especially when a certain combination of these identifiers can be used to identify a person, care must be taken to manage the data properly.
Particularly sensitive data include data relating to a person’s:
racial/ethnic identity
political opinions
religious/philosophical beliefs
trade union membership
genetic and biometric data
physical or mental health
sexual orientation
Personal data policies¶
There are various policies in place in different countries to protect the rights of individuals over their personal data. For example, in Australia personal data is regulated under the Australian Privacy Act. In the European Union the GDPR (General Data Protection Regulation) applies to the processing of personal data and may require you to carry out a Data Protection Impact Assessment (DPIA). Processing means doing anything with a person’s information, including collection, storage, analysis, sharing, deletion and destruction. To ensure that you are up to date with the requirements of managing sensitive data, please review the national/institutional policies that apply to your research. See [HCH+15] for recommended practices for sharing clinical trial data.