Data protection in research

The German Network of Educational Research Data provides helpful information on the topics of data protection and consent. Visit the network’s law and ethics section on its website.

Visit the information and data protection management portal (ISDSM-Portal) or the Staff Service Portal for more information and resources with regard to data protection.

If you take photos (or have them taken) at a large event, there are some recommendations that you can read through in the Staff Service Portal. You can also download a poster there to notify attendees that photos are being taken.

If you want to photograph people individually, you need to have them sign a photo release. The template can be found in the Staff Service Portal, which also provides a link to a terms of use document.

The respective consent can be obtained in analog or digital form. Written consent is not strictly required.

Before submitting their application to the Faculty of Education ethics committee, researchers can discuss and develop their data protection policy with the E-Science Office.

Most research projects in schools are subject to approval. Find the currently valid regulations on the pages of the Institute for Educational Monitoring and Quality Development (IfBQ), which is under the Ministry of Schools and Vocational Education. Read information on cross-state research in schools and the corresponding approval procedures on the German Network of Educational Research Data website. If you have any questions before you submit an application, the E-Science Office can advise you on the application process. 

When using individual software solutions—that is, software not provided by the Regional Computing Center (RRZ)—it is essential to check the technical-operational measures of the processor and to conclude a processing agreement. In addition, a cloud checklist must be completed for cloud products. The E-Science Office supports researchers in preparing the necessary documentation and coordinates the process of software implementation in collaboration with the researchers and the respective department. This process usually takes between 3 and 9 months and should therefore be requested early if needed.

From a data protection perspective, there are several things to consider when conducting conferences and workshops. The E-Science Office advises researchers in the Faculty of Education on how to implement data protection requirements for research-related events.

Software

University of Hamburg members can use Indico to plan conferences. Indico provides organizers with support in managing payments and participants and with organizing calls for papers. Third-party software that processes personal data requires a processing agreement.

When using Zoom and recording events according to data protection requirements, University of Hamburg staff can use a Zoom webinar solution; however, this must be applied for separately. 

Consent forms

Before recording speakers, you must obtain consent—ideally in writing. You must inform participants about image and video recordings on-site or also via Zoom.

You must document the processing and collection of personal data in the VVT+ (record of processing activities) form.

Events with other institutions

Shared responsibility may exist for events held in cooperation with other universities or research institutions. This is the case when the partners jointly decide on the purposes and type of processing. In this instance, a contract must be concluded between the parties responsible. You can find a template on the website for central data protection management.