Regulations
The main European Union document reglamenting personal data processing is the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, better known as the General Data Protection Regulation (GPDR).
The Vilnius University Rules for Processing Personal Data for Research Purposes (available only in Lithuanian) adapt the principles stated in the GPDR to Vilnius University research practices.
Key points:
- Informed consent must be obtained from the data subject in advance of data capturing.
- Captured data must be anonymised as soon as possible.
- Research outcomes containing personal data may not be published without the data subject's consent.
- Personal data should not be kept longer than is necessary for the purposes of the project and should be deleted immediately thereafter.
- Personal data collected for the purposes of one research project cannot be used for another project without the data subject's consent.
- The Principle Investigator of the project/group will be held responsible for the adherence to the Rules.
GPDR and the Vilnius University Rules for Processing Personal Data for Research Purposes do not apply to the data of deceased persons.
When conducting biomedical research, ethical approval by the Vilnius regional biomedical research ethics committee must be obtained.
The Guidelines for Ethical Review prepared by the Office of the Ombudsperson for Academic Ethics and Procedures of the Republic of Lithuania also provide useful recommendations regarding measures to be taken when using personal data for research purposes.
Recommendations for researchers handling personal data
Before the project
- Make a list of personal data you are going to collect and people who need to have access to those data. If you work in a research group, one member of the group should be made responsible for personal data management.
- Keep in mind that data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, data concerning health, sex life or sexual orientation, criminal convictions, as well as genetic and biometric data are subject to stricter safety requirements than other kinds of personal data. Vilnius University prohibits the processing of these data on personal devices (e.g. laptops, smart phones).
- Prepare the project information sheets and the consent forms to be given to data subjects prior to data collection (a sample Study Participant Information Sheet and a sample Consent Form can be found in the annexes of the Guidelines for Ethical Review prepared by the Office of the Ombudsperson for Academic Ethics and Procedures of the Republic of Lithuania).
- When planning the project’s budget, do not forget to consider the financial and time resources that that may be required for data anonymisation.
- Give thought to where you will store the data. It is recommended that data be stored on an encrypted or password-protected device that is not part of a network. If you are going to store personal data on a networked device, it is very important that you employ technical solutions that allow limiting access to the data (e.g. password protection).
- Give thought to how you will safely dispose of the data when they will be no longer needed.
During the project
- Adhere to the agreed safety procedures.
- Do not leave personal data unattended.
- Avoid making unnecessary copies of documents containing personal data.
- Anonymise the data as soon as possible.
- Use only safe software for processing the data.
- If you have to transfer the data, make sure to use only safe networks and devices.
Digital data anonymisation tools
Quantitative data can be effectively anonymised using Amnesia.
For interview transcriptions, the advice provided by the UK Data Service and their Text anonymization helper tool might be helpful.
Need some advice?
Questions on topics related to research data management can be directed to Dr Gintė Medzvieckaitė from the Scientific Information and Data Division.
Scholarly Communication and Information Centre
Saulėtekio al. 5 (Block B, 4th floor, Room 403)
Phone: +370 5 219 5062
Email:
Contact via MS Teams
Consultations regarding the use of personal data for research purposes are also provided by Vilnius University data protection officer Viktoras Bulavas: by phone: +370 5 236 6200, by email: .