The basic level of security must always be in accordance with the institution's information security policy. However, additional measures may be necessary specifically for each processing. The selection of the additional security measures is based on an assessment of the risks.
With regard to data protection, pseudonymisation and encryption are put forward by the GDPR.
If possible, it is recommended to split personal data as quickly as possible from the research data ( pseudonymisation ). The code file must be kept in a separate and safe place. Only the researchers involved have daily access to the pseudonymised data. Access to raw personal data must be strongly restricted. The access rights and modalities to the (raw and pseudonymized) data must be clearly recorded in the register.
The use of encryption for storage or data transfer is also strongly recommended by the GDPR.
« Ga terug
Powered by Help Desk Software HESK, brought to you by SysAid
Bezig met laden kennisbank...