Data protection and personal data

tekijä: Taina Tammelin-Laine Viimeisin muutos torstai 14. lokakuuta 2021, 14.33

 

 

                                 keha_prosessi

 

In the spring of 2018, all EU countries began to apply the General Data Protection Regulation (GDPR). Its purpose is to better protect personal data and provide more ways to manage the processing of them. This is important because of the new kinds of data protection issues arising from digitalisation and globalisation. In addition, GDPR will harmonise data protection regulation in EU countries.

Any information relating to an identified or identifiable person shall be considered as personal data. Personal data include, e.g., name, IP address or other characteristic factors such as face image, voice, and signature. This information is confidential in its security classification. In addition, GDPR specifically designates specific categories of personal data or sensitive information (race or ethnicity, political opinion, religious or philosophical belief, union membership, genetic or biometric data processing of a person's unequivocal for identification, information on health, information on sexual behaviour and orientation of a natural person). This information is classified and is forbidden in principle. However, if they are addressed in the study, there will always be an exception (explicit consent from the participants / processing is necessary for scientific and historical research purposes in the public interest).

However, GDPR does not apply in the case of personal data of persons who have already died, or if the investigation does not collect personal data at all but has, for example, been anonymised in the past.

 

Read more on the topic:

University of Jyväskylä. Data privacy. Instructions for researchers, 2021.

University of Jyväskylä. Data privacy. Instructions for students, 2021.