Presentation is loading. Please wait.

Presentation is loading. Please wait.

Issues of personal data protection in scientific research

Published byNorah Marsh Modified over 6 years ago

Similar presentations

Presentation on theme: "Issues of personal data protection in scientific research"— Presentation transcript:

1 Issues of personal data protection in scientific research
Prepared by: Marko Trošelj

2 The Croatian legal framework
International Acts - Convention 108 and EU legislation Personal data and privacy protection – Constitutional category Article 37: The safety and secrecy of personal data shall be guaranteed for everyone. Without consent from the person concerned, personal data may be collected, processed, and used only under the conditions specified by law. includes the purpose limitation principle General act: Personal Data Protection Act (OG 103/03, 118/06, 41/08, 130/11)

3 Basic provisions Personal Data Protection Act regulates the personal data protection of natural persons The purpose of personal data protection is to protect the privacy of individuals, as well as other human rights and fundamental freedoms in the processing of personal data

4 Definitions Data controller: the entity that determines the purposes and means of processing personal data Processor: the entity that processes personal data on behalf of the controller Data subject: an identified or identifiable natural person whose personal data are processed Data processing: any operation or set of operations which is performed on personal data. (collection, recording, organization, storage, usage, disclosure, dissemination...)

5 Personal data processing
Purpose of processing: Personal dana shall be collected for a purpose known to the data subject, explicitly stated and in accordance with the law Further processing only for the purposes it has been collected for, or for a purpose in line with the purpose it has been collected for EXCEPTION Further processing of personal data for historical, statistical or scientific purposes shall not be considered as incompatible provided that appropriate protection measures are in place

6 Personal data processing
Proportionality principle - Personal data must be relevant to what is necessary in relation to the established purpose and it shall not be collected in quantities more extensive than necessary Personal data must be accurate, complete and up to date Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data are processed. Personal data may be stored for longer periods solely for historical, statistical or scientific purposes – appropriate protection measures are established by special acts.

7 Personal data processing
Lawfulness of processing Personal data shall be collected and subsequently processed only if one of the following applies: with consent of the data subject in cases determined by law for the purpose of fulfilling legal obligations of the controller

8 Special categories of personal data
Processing of personal data pertaining to racial or ethnic origin, political opinions, religious or other beliefs, trade union membership, data concerning health or sexual orientation, as well as personal data regarding criminal and misdemeanour proceedings In principle, shall be prohibited Exceptions: - upon consent of the data subject - if the data processing is necessary to exercise the rights and obligations of the controller based on special regulations…

9 Information to data subject
Prior to collecting any personal data, controller must inform the data subject whose personal data is being collected about: the identity of the controller, the purpose of processing this data, the right of access the right to rectification the recipients or categories of recipients

10 Usage of personal data by the recipience
Controller shall allow the usage of personal data to other recipients based on written request if this is necessary for carrying out tasks within their activity as defined by law The written request must contain provisions on purpose, legal basis, and type of personal data requested Personal data processed for scientific research or statistical purposes must not allow for the identification of data subjects

11 Safeguards Personal data shall be adequately protected from accidental or deliberate abuse, destruction, loss, unauthorized alteration or access controller and recipient shall undertake appropriate technical, staffing and organisational measures

12 Rights of the data subject
controller shall within 30 days provide the following to every data subject: whether or not data relating to the data subject are being processed allow access and copying of such files information on who obtained access to the data, for what purpose and on what legal basis Upon request or independently controller shall alter or delete personal data if this data is incomplete, inaccurate or outdated

13 General Data Protection Regulation
It shall apply from 25 May 2018. Uniformity of personal data processing in all Member States New Challenges

14 Principles Lawfulness, fairness and transparency Purpose limitation
Data minimisation Accuracy Storage limitation Integrity and confidentiality Accountability

15 New Definitions restriction of processing pseudonymisation profiling
genetic data biometric data

16 Anonymisation The principles of data protection should apply to any information concerning an identified or identifiable natural person This Regulation does not concern the processing of anonymous information, including for statistical or research purposes

17 Data processing for scientific purposes
The processing of personal data for scientific purposes should be subject to appropriate safeguards for the rights and freedoms of the data subject pursuant to this Regulation Principle of data minimisation Principle of purpose limitation Principle of storage limitation

18 Thank you for attention

Download ppt "Issues of personal data protection in scientific research"

Similar presentations

Re-use of PSI Data Protection Issues Cécile de Terwangne Professor at the Law Faculty, Research Director at CRIDS University of Namur (Belgium) 2 nd LAPSI.

Re-use of PSI Data Protection Issues Cécile de Terwangne Professor at the Law Faculty, Research Director at CRIDS University of Namur (Belgium) 2 nd LAPSI.
PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR

PRIVACY ASPECTS OF RE-USE OF PSI: BETWEEN PRIVATE AND PUBLIC SECTOR
Data Protection & Privacy in the Information Age COMNET – Legal Frameworks for ICTs Malta 2013 Dr Antonio Ghio Dr Jeanine Rizzo.

Data Protection & Privacy in the Information Age COMNET – Legal Frameworks for ICTs Malta 2013 Dr Antonio Ghio Dr Jeanine Rizzo.
DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection.

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi David Cauchi Office of the Commissioner for Data Protection.
Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.

Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.
Convention for the protection of individual with regard to automatic processing of personal data “The purpose of this convention is to secure in the territory.

Convention for the protection of individual with regard to automatic processing of personal data “The purpose of this convention is to secure in the territory.
Www.dataprotection.gov.je The Data Protection (Jersey) Law 2005.

The Data Protection (Jersey) Law 2005.
DATA PROTECTION and Research University Research Ethics Committee – 08.05.2006 David Cauchi Office of the Data Protection Commissioner.

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi Office of the Data Protection Commissioner.
ILONA GAVRONSKA GROUP IL-41 INTERNATIONAL LAW DEPARTMENT KYIV - 2011 NATIONAL ACADEMY OF SCIENCES OF UKRAINE KYIV UNIVERSITY OF LAW.

ILONA GAVRONSKA GROUP IL-41 INTERNATIONAL LAW DEPARTMENT KYIV NATIONAL ACADEMY OF SCIENCES OF UKRAINE KYIV UNIVERSITY OF LAW.
Data Protection: The Law. EU & Irish Legislation Data Protection Directive 95/46/EC Electronic Privacy Directive 2002/58/EC EUROPOL etc Data Protection.

Data Protection: The Law. EU & Irish Legislation Data Protection Directive 95/46/EC Electronic Privacy Directive 2002/58/EC EUROPOL etc Data Protection.
Attorney at the Bars of Paris and Brussels Database exploitation & Data protection Thibault Verbiest Amsterdam 1 April 2005

Attorney at the Bars of Paris and Brussels Database exploitation & Data protection Thibault Verbiest Amsterdam 1 April 2005
Data Protection Overview

Data Protection Overview
 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.

 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.
Data Protection for Church of Scotland Congregations

Data Protection for Church of Scotland Congregations
Data Protection: An enabler? David Freeland, Senior Policy Officer 23 October 2014.

Data Protection: An enabler? David Freeland, Senior Policy Officer 23 October 2014.
Data Protection Act AS Module 1 10.8 Heathcote Ch. 12.

Data Protection Act AS Module Heathcote Ch. 12.
Data Protection Corporate training 2012. Data Protection Act 1998 Replaces DPA 1994 EC directive 94/46/EC The Information Commissioner The courts.

Data Protection Corporate training Data Protection Act 1998 Replaces DPA 1994 EC directive 94/46/EC The Information Commissioner The courts.
Ioannis Iglezakis Data Protection. Definition of Data Protection The legal protection of individuals with regard to automatic processing of personal information.

Ioannis Iglezakis Data Protection. Definition of Data Protection The legal protection of individuals with regard to automatic processing of personal information.
Data Protection Principles as Basic Foundation for Data Protection in EU/EEA Introduction to Data Protection Theory Seminar - AFIN 31. 01. 2007 Stephen.

Data Protection Principles as Basic Foundation for Data Protection in EU/EEA Introduction to Data Protection Theory Seminar - AFIN Stephen.
DATA PROTECTION ACT 1998. INTRODUCTION The Data Protection Act 1998 came into force on the 1 st March 2000. It is more far reaching than its predecessor,

DATA PROTECTION ACT INTRODUCTION The Data Protection Act 1998 came into force on the 1 st March It is more far reaching than its predecessor,

Similar presentations

Ads by Google