If the nature of your project means that you have to work with personal data, you should discuss your research project with the Legal Services team at an early stage. This is because both you and the university are subject to numerous regulations regarding the use of personal data. For example, appropriate technical and organizational measures must be in place to protect data from unauthorized access, and, where necessary, a catalog of procedures (Verfahrensverzeichnis) containing a formal description must be created. If the project is tendered or subcontracting is used, specific contractual agreements must be put in place.
It is important to discuss data protection early on in your project’s life cycle as breaches of data protection regulations can significantly impact your project. For example, any data that has been processed incorrectly must be deleted. Breaches can also lead to fines or time-consuming inspections by supervisory authorities.
The Central Office for Data Protection at Universities in Baden-Württemberg (ZENDAS) provides detailed information, in German, on data protection for research projects on its website. If you would like guidance on data protection for your project, the university can put you in touch with ZENDAS. Please contact the Legal Services team as soon as possible as reviews completed by ZENDAS may take some time.
Personal data is any data that can be used to identify an individual, such as a person’s name, or, if combined with other data, can infer a person’s identity.