Data protection review for ethics applications

datenschutz AI-Generiert

A lack of data protection measures is a risk for test subjects. For this reason, the KIT Ethics Committee requires the examination and approval of research projects in which personal data is processed.

The Data Protection Office (DSB) team is responsible for this. The basis for the data protection review is the General Data Protection Regulation (GDPR) and the Baden-Württemberg State Data Protection Act (LDSG).

If personal data is processed in your research project, the data protection officer must be involved at an early stage in accordance with Art. 38 para. 1 GDPR. Proceed as follows:

  1. Be aware of the work steps in your research project in which personal data is recorded, stored, passed on or otherwise processed .

  2. On the basis of this information, create an entry in the KIT electronic procedure directory (eVV) and, in particular, carry out the risk analysis.

  3. Create all documents that are necessary for the interaction with the data provider (usually test subjects): Participant information with declaration of consent, data protection information in accordance with Art. 13 GDPR; as well as questionnaires or interview guidelines if necessary. Templates for documents relevant to data protection law can be found here.

  4. Send all documents (ethics application and the above-mentioned data protection-relevant documents) by e-mail to datenschutz-ethik∂dsb.kit.edu by the deadline. The deadlines can be found here. It is best to send the documents as editable Word versions, as this makes it easier to comment on them. State the number of the eVV entry and explain that you require data protection clearance for your research project for an ethics vote.

  5. Clarify any queries with the DPO and, if necessary, adapt your documents.

  6. Continue with point (3) in the "Application procedure" section above.