When you have completed your research project, you must find out whether it is still necessary to store personal data in accordance with the rules regarding responsible conduct of research or according to the rules in the special legislation.
If you need to continue storing (and thus process) personal data for your research purpose in accordance with the rules on responsible conduct of research or pursuant to rules in the special legislation, you will still be processing personal data. Therefore, you must continue to comply with appropriate security measures, and your project must still be registered in the AU record.
If you do not need to continue storing personal data in accordance with the rules on responsible conduct of research or pursuant to rules in the special legislation, you will need to decide on what to do with data. As a general rule, you have 5 options:
Please be aware that it is not always optional. For instance you can be required to archive personal data according to the Danish Archives Act or the termination can be determined by contractual obligations or by legal obligations.
When you have finalized the processing of personal you must then remove your research project/research purpose from the record. To do this, send an email to fortegnelse@au.dk with the following information:
In order for personal data to be considered anonymous, it must not be possible to identify individual persons on the basis of the data alone or in combination with other information.
In other words, you have to factor in that other people may have access to information which, together with the anonymous data, makes it possible to return to the original person identification in full or in part. Anonymisation must be irrevocable.
Personal data that has been adequately anonymised is not covered by the GDPR, and thus does not impose any legal requirements for the system where it has been saved. There is no longer a need for a documented time limit for when and how data is to be deleted. It would be a good idea to anonymise data if, for example, open access is required for research data.
These four points must, as a minimum, be met in order for Aarhus University to consider the data as anonymised:
Note that adequate anonymisation will usually be impossible in connection with qualitative data.
There are different interpretations of when personal data is anonymous, and there is no absolute distinction, but rather a case-by-case assessment of risk and reasonableness.