Enabling the Reuse of Personal Data in Research: A Classification Model for Legal Compliance

TL;DR

This paper introduces a classification model based on GDPR principles to help researchers manage personal data legally and securely, promoting responsible open science.

Contribution

It presents a novel decision tree and a set of requirements for compliant storage and access of personal data in research.

Findings

Developed a GDPR-based classification model for personal data

Created a decision tree to guide researchers on data management

Outlined requirements for secure data storage and access

Abstract

Inspired by a proposal made almost ten years ago, this paper presents a model for classifying per-sonal data for research to inform researchers on how to manage them. The classification is based on the principles of the European General Data Protection Regulation and its implementation under the Spanish Law. The paper also describes in which conditions personal data may be stored and can be accessed ensuring compliance with data protection regulations and safeguarding privacy. The work has been developed collaboratively by the Library and the Data Protection Office. The outcomes of this collaboration are a decision tree for researchers and a list of requirements for research data re-positories to store and grant access to personal data securely. This proposal is aligned with the FAIR principles and the commitment for responsible open science practices.