Legal agreements
When working with personal identifying information, you will occasionally need to use a legal document in order to establish rights and responsibilities of the parties involved. For more information on the various types of agreements that exist, take a look at the chapter on Agreements in the Data Privacy Handbook. Below a brief description with some relevant practical information.
When sharing data that (may) contain personal identifying information with someone outside the University, you are required under the GDPR to use a Data Transfer Agreement (DTA). This is a relatively simple document with a number of standard clauses, where you will need to fill in:
- Title of the project involving the data transfer
- Name and details of the receiving researcher
- Duration of the agreement
- Description of the research project (e.g., an abstract)
- Description of the data (e.g., a table with variables and a brief description)
The document can then be signed by your department manager and someone authorized to sign at the receiving institute. You can contact privacy-fsw@uu.nl for a DTA template.