Enabling the Reuse of Personal Data in Research: A Classification Model for Legal Compliance
For researchers and data repositories, this provides a practical tool to navigate GDPR compliance, but it is an incremental application of existing legal frameworks to a specific domain.
This paper presents a classification model for personal data in research, based on GDPR and Spanish law, to help researchers manage data reuse while ensuring legal compliance and privacy. The collaboration produced a decision tree and repository requirements, aligned with FAIR principles.
Inspired by a proposal made almost ten years ago, this paper presents a model for classifying per-sonal data for research to inform researchers on how to manage them. The classification is based on the principles of the European General Data Protection Regulation and its implementation under the Spanish Law. The paper also describes in which conditions personal data may be stored and can be accessed ensuring compliance with data protection regulations and safeguarding privacy. The work has been developed collaboratively by the Library and the Data Protection Office. The outcomes of this collaboration are a decision tree for researchers and a list of requirements for research data re-positories to store and grant access to personal data securely. This proposal is aligned with the FAIR principles and the commitment for responsible open science practices.