Universiteit Leiden

nl en

Research using personal data

If your research project involves collecting private or otherwise sensitive data, you must ensure adequate data protection measures are taken. Research must be conducted in accordance with the General Data Protection Regulation (GDPR). In terms of patient data, for instance, when used for research carried out at the LUMC, the relevant professional codes also apply.

Processing register for researchers

Are you starting a new scientific research project that contains personal data? If so, the processing register will record how your personal data are processed. You can use the data management plan (DMP, .docx, 62 kB) to describe the intended actions and agreements.


4 tips for research using personal data

  1. Collect as little personal data as possible
    Before you start collecting data, please consider: precisely what personal data are required for the research? For instance, is it necessary to collect personal data that can be traced back to a natural person? The rule of thumb is: the less, the better. This also minimises the chance of an unnecessary Data Protection Impact Assessment (DPIA).
  2. Get consent
    The data subjects must give voluntary consent. You can find more information about this on the page about informed consent.
  3. Work securely 
    Ensure that personal data does not fall into the hands of unauthorised third parties. Learn how to work securely online.
  4. Destroy or anonymise personal data once your research is complete
    For more information on destroying or anonymising personal data, contact the Centre for Digital Scholarship.


If you have any questions about the research processing register, please contact your privacy officer or the Privacy Desk. For general questions and advice on the processing of personal data and the preparation of a data management plan, please contact the Centre for Digital Scholarship.

This website uses cookies.  More information.