The GDPR determines the circumstances for collecting, using, disclosing, retaining and processing personal data. Furthermore, it establishes the rights of individuals and the requirements for implementing appropriate technical and organizational measures (TOMs), ensuring a level of data security corresponding to the risk to the data.
In case of a data breach, data protection authorities and affected individuals need to be informed within 72 hours following the discovery of a personal data breach resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
These GDPR Guidelines provide general information for ºÚÁÏÍø research practitioners. They are not legal advice and should not be relied upon as such. This is an evolving document, subject to change.
(available only to ºÚÁÏÍø staff and faculty)
Researcher Testimonial
"I’ve had the opportunity to work with the Office of Privacy for research-related DPIA applications and the service provided is excellent! Clear guidance in the procedure and timely feedback allow us to move on swiftly to subsequent steps of our IRB applications. While the administrative procedures to go through ethics applications have been more complicated since the introduction of GDPR, I am happy to have the Office of Privacy as an efficient and reliable partner in this process."
Marc Méhu, PhD
Associate Professor of Psychology, Webster Vienna Private University