1.5 What are the basic principles of the GDPR?

The GDPR is based on six basic principles that must be observed when processing personal data:

• Lawfulness, fairness and transparency : personal data is processed in a transparent manner with respect for all applicable laws, regulations and rules
• Purpose limitation  (finality and proportionality): personal data is only processed for the purpose of the investigation and the processing is reasonable and proportional for achieving the purpose of the investigation
• Minimum data processing : only those personal data are used that are necessary to achieve the objectives of the investigation
• Accuracy : the personal data being processed must be accurate
• Storage restriction: personal data may not be kept longer than necessary for the current investigation or for possible further analyzes on the data (see also 5.1)
• Confidentiality and integrity : researchers must handle personal data confidentially and take appropriate measures to guarantee the confidentiality and integrity of this data

In addition, the  self-responsibility obligation also applies as a general principle . For this it is important to ask yourself the following questions: at the start of my research, I thoroughly considered and documented the privacy aspects of my research and am able to demonstrate that I have actively taken responsibility for processing make personal data happen securely.