What is Data Protection?

    As of 25 May 2018, the General Data Protection Regulation (GDPR) has become valid. GDPR defines a standard for all EU countries about how to deal with personal data. This is not only important for companies who have to oblige to these specific rules, but also for the people whose data are being processed by those companies - in short, you as a person. 

    Every EU country has integrated the GDPR into their own laws concerning privacy. In the Netherlands, that law is called "Algemene Verordening Gegevensbescherming (AVG)". The German equivalent is "Bundesdatenschutzgesetz neu (BDSG neu)". 

    We as the MPI for Psycholinguistics are also obliged to act according to GDPR standards. We do so by following guidelines of the MPG, who we are legally bound to as we are not a "stand-alone" company in the common sense. All MPI institutes of the MPG report to MPG and are thus obliged to act according to their standards and guidelines. The MPI for Psycholinguistics seeks to implement those standards in the Netherlands. 

    General Data Protection Regulation

    Legal basis for processing personal data

    According to GDPR, an organisation needs a legal basis for being allowed to process personal data. In case of the MPI we make use of the following three (but there are six in total): consent, performance of a contract, and legitimate interest.  

    • Consent: the data subject has given permission for the organisation to process their personal data for one or more processing activities (e.g., informed consent in research (see for example here and here), but also for recording events, stimuli recordings, etc.). 
    • Performance of a contract: the data processing activity is necessary to enter into or perform a contract with the data subject (e.g., processing your CV, salary, pension, etc. at the MPI). 
    • Legitimate interest: also known as balancing of interest. Is this processing activity necessary for the organisation to function? Does the processing activity outweigh any risks to a data subject's rights and freedom? (e.g., withdrawal of consent in finished research project; always contact privacy@mpi.nl for this). 
    Give feedback