Η παρούσα εργασία εκπονήθηκε στα πλαίσια του προγράμματος Certified DPO του Παν.Αιγαίου και του Εργαστηρίου ΤΠΕ Ήρων.
Navigating GDPR Compliance in Marine Research Methodology: Best Practices for Using Questionnaires
Papadimitriou Evangelos
Επιβλέπων καθηγητής: Αθανάσιος Δαβαλάς
Mytilene, March 2023
Contents
- Introduction
1.1 The General Data Protection Regulation (GDPR)…………………………………………….5
1.2 The Role of Questionnaires in Marine Research………………………………………….….5
1.3 Navigating GDPR Compliance for Marine Researchers using Questionnaires: The Importance of Providing Practical Guidance………………………………………………….….5
1.4 Balancing GDPR Compliance and Data Quality in Marine Research Methodology…..…….6
1.5 Potential Risks and Challenges of GDPR Compliance in Marine Research using Questionnaires……………………………………………………………………………..….….5
- Methology………………………………………………………………………………………………7
- Results
3.1 Demographics and Attitudes of Participants……………………………………………………………7
3.2 Data Protection…………………………………………………….……………………………………7
3.3 GDPR Compliance………………………………………………………………………………………8
3.4 Challenges Facing Marine Researchers…………………………………………………………………8
- Discussion……………………………………………………………………………………………………………………………….8
- References………………………………………………………………………………………………………………………………9
Abstract
Marine research involves collecting sensitive data that may be subject to the General Data Protection Regulation (GDPR). This study explores the best practices for using questionnaires in marine research to comply with GDPR. A survey was conducted among marine researchers to gather information about their questionnaire practices and compliance strategies. The results show that researchers have limited awareness and understanding of GDPR regulations and often do not comply with GDPR requirements when using questionnaires. The discussion outlines the best practices for questionnaire design, data processing, and participant consent to comply with GDPR. These practices include providing clear information about data processing, obtaining explicit consent from participants, and implementing appropriate data security measures. By following these best practices, researchers can ensure that their marine research complies with GDPR regulations while maintaining the quality and accuracy of the data collected.
Περίληψη
Η θαλάσσια έρευνα περιλαμβάνει τη συλλογή ευαίσθητων δεδομένων που μπορεί να υπόκεινται στον Γενικό Κανονισμό Προστασίας Δεδομένων (GDPR). Η παρούσα μελέτη εξετάζει τις βέλτιστες πρακτικές για τη χρήση ερωτηματολογίων στη θαλάσσια έρευνα για τη συμμόρφωση με το GDPR. Στα πλαίσια της μελέτης πραγματοποιήθηκε έρευνα ανάμεσα σε θαλάσσιους ερευνητές για τη συλλογή πληροφοριών σχετικά με τις πρακτικές χρήσης ερωτηματολογίων και τις στρατηγικές συμμόρφωσης με το GDPR. Τα αποτελέσματα έδειξαν ότι οι ερευνητές έχουν περιορισμένη επίγνωση και κατανόηση των κανονισμών του GDPR και συχνά δεν συμμορφώνονται με τις απαιτήσεις του GDPR κατά τη χρήση ερωτηματολογίων.
Επιπλέον, στην μελέτη περιγράφονται κατάλληλες πρακτικές για το σχεδιασμό ερωτηματολογίων, την επεξεργασία δεδομένων και τη συγκατάθεση των συμμετεχόντων για τη συμμόρφωση με τον Γενικό Κανονισμό Προστασίας Δεδομένων (GDPR).
Αυτές οι πρακτικές περιλαμβάνουν την παροχή σαφών πληροφοριών για την επεξεργασία δεδομένων, την απόκτηση έκφρασης συγκατάθεσης από τους συμμετέχοντες και την εφαρμογή κατάλληλων μέτρων ασφάλειας δεδομένων. Ακολουθώντας αυτές τις καλύτερες πρακτικές, οι ερευνητές μπορούν να διασφαλίσουν ότι η θαλάσσια έρευνά τους συμμορφώνεται με τους κανονισμούς του GDPR διατηρώντας παράλληλα την ποιότητα και την ακρίβεια των συλλεγόμενων δεδομένων.
- Introduction
1.1 The General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is a data protection law that was introduced by the European Union (EU) in May 2018 (Yuan et al 2019). It replaced the outdated Data Protection Directive of 1995 (EU, 1995) and is considered one of the most significant and far-reaching data protection laws in the world. The GDPR is designed to strengthen and unify data protection for all individuals within the EU, as well as to address the export of personal data outside the EU. It provides individuals with greater control over their personal data and requires organizations to be transparent about how they collect, process, and store personal data. The GDPR also imposes significant fines for non-compliance, which can be as high as €20 million or 4% of an organization’s annual global turnover, whichever is higher ((EU, 2016) . As a result, the GDPR has become a critical consideration for businesses, organizations, and researchers who process personal data within the EU or collect data from individuals located in the EU.
1.2 The Role of Questionnaires in Marine Research
Marine ecosystems around the world are being affected by various human activities that are causing direct and indirect threats to the ocean (Lotze et al., 2018). Questionnaires are an essential tool in marine research, enabling researchers to collect qualitative and quantitative data on a broad range of topics, including attitudes toward marine conservation, perceptions of marine resource management, and fishing practices. The versatility of questionnaires allows researchers to gather information on public perceptions and attitudes toward marine resources, which can inform policy and management strategies.
Additionally, questionnaires can be used to monitor the effectiveness of existing management measures and develop sustainable fisheries management plans. Despite the advantages of using questionnaires, the General Data Protection Regulation (GDPR) presents challenges for marine researchers, especially in the collection, processing, and storage of personal data. Therefore, researchers must take steps to ensure that they collect and process personal data in compliance with GDPR regulations, including obtaining informed consent from participants, anonymizing data to protect privacy, and securely storing and transferring data.
1.3 Navigating GDPR Compliance for Marine Researchers using Questionnaires: The Importance of Providing Practical Guidance
Marine researchers face numerous challenges when it comes to GDPR compliance, particularly when using questionnaires as a research tool. These challenges include obtaining informed consent, ensuring data security and confidentiality, anonymizing personal data, and mitigating the potential impact of GDPR on the quality and quantity of data collected. Given the complexity of GDPR regulations and the potential for significant penalties for non-compliance, it is crucial to provide practical guidance for marine researchers navigating GDPR compliance. Providing clear and concise guidance on GDPR compliance can help researchers avoid potential legal and ethical pitfalls while still being able to gather valuable data for their research.
Clear guidance can also help to increase participant trust and confidence in the research process, leading to more accurate and reliable data. Furthermore, practical guidance can reduce the burden on researchers in understanding and implementing GDPR regulations, allowing them to focus on their research. In addition, providing practical guidance can ensure consistency in GDPR compliance across marine research projects.
This can increase the reliability and comparability of research results, as well as enhance the transparency and accountability of the research process. Ultimately, providing practical guidance for navigating GDPR compliance in marine research methodology is essential for ensuring the ethical and legal use of personal data in research. This guidance can help to protect the privacy and data rights of participants, increase participant trust and confidence, reduce the burden on researchers, and ensure consistency in compliance across research projects.
1.4 Balancing GDPR Compliance and Data Quality in Marine Research Methodology
Ensuring GDPR compliance in marine research methodology when using questionnaires can be challenging, particularly when trying to balance compliance with maintaining high-quality data. While GDPR compliance is essential for protecting the privacy and data rights of participants, it can sometimes create roadblocks for researchers. One of the biggest concerns for researchers is that the emphasis on data protection under GDPR may cause participants to be less willing to provide personal information, which could impact the quantity and quality of data collected. One way to balance GDPR compliance and data quality is to be transparent with participants about how their data will be used, and the measures being taken to protect their privacy.
By clearly explaining the purpose and importance of the research and how the data will be used, participants may be more willing to provide personal information. Additionally, researchers can use strategies such as informed consent and anonymization to help protect participant privacy while still collecting useful data. Another way to balance GDPR compliance and data quality is to carefully consider the questions being asked in questionnaires. Researchers should only collect data that is necessary
for the research and should avoid collecting sensitive information unless necessary. Additionally, researchers should ensure that the questions are clear, concise, and easy to understand, as this can help increase the quality of data collected. To further ensure GDPR compliance and data quality, researchers should also take steps to secure data storage and transfer. This may include using encryption or password protection to protect sensitive data, as well as implementing secure data transfer protocols. By using secure methods to collect, store, and transfer data, researchers can help protect participant privacy while still maintaining high-quality data.
Finally, researchers can consider using alternative data collection methods that may be less intrusive or require less personal information. For example, researchers can use remote sensing technologies to collect data on marine environments or conduct interviews rather than using questionnaires. By using a range of data collection methods, researchers can help mitigate the potential impact of GDPR on data quality while still ensuring compliance. In conclusion, balancing GDPR compliance and data quality in marine research methodology when using questionnaires can be a challenge, but it is essential for protecting participant privacy and data rights.
By being transparent with participants, carefully considering the questions being asked, securing data storage and transfer, and considering alternative data collection methods, researchers can help ensure compliance while still collecting high quality data. Ultimately, this can help advance our understanding of marine ecosystems and inform policies and practices that promote marine conservation and sustainability.
1.5 Potential Risks and Challenges of GDPR Compliance in Marine Research using Questionnaires
While the GDPR aims to protect the privacy of individuals, it also presents several challenges and potential risks for marine researchers using questionnaires to collect data. One of the primary challenges is obtaining informed consent from participants. The GDPR requires that participants are fully informed about the collection and use of their data, and that they provide explicit consent for this.
However, obtaining this level of consent can be difficult, as participants may not fully understand the implications of their consent or may be hesitant to provide personal information. This can lead to incomplete or biased data, as some participants may choose not to participate in the study.
Another potential risk is the unintentional disclosure of personal data. While researchers may take steps to anonymize data and protect participants’ privacy, there is always a risk that personal data may be accidentally disclosed. This can occur through a data breach or by inadvertently including personal data in published research articles.
Such breaches can have serious consequences for both the participants and the researchers, including financial penalties and reputational damage. In addition, the GDPR may impact the quantity and quality of data collected through questionnaires. Participants may be hesitant to provide personal information due to concerns about privacy, leading to a lower response rate or incomplete data. This can impact the validity and reliability of the research findings, as well as limit the scope of the research.
Finally, complying with the GDPR may be time-consuming and resource intensive. Researchers may need to invest in additional software or training to ensure that they are collecting, storing, and processing personal data in compliance with the regulations.
This can be particularly challenging for small research teams or those with limited funding. In order to mitigate these risks and challenges, marine researchers using questionnaires must take proactive steps to ensure GDPR compliance. This includes obtaining informed consent from participants, ensuring that personal data is securely stored and transferred, and taking steps to anonymize data where possible.
Researchers should also take steps to educate themselves and their participants on the GDPR and its implications for their research. Overall, while GDPR compliance presents several challenges for marine researchers using questionnaires, it is essential for protecting the privacy and rights of individuals. By taking proactive steps to ensure compliance, researchers can continue to use questionnaires as a valuable tool for gathering information while minimizing the risks associated with data collection and processing.
- Methodology
The present study utilized a questionnaire to investigate the perceptions and attitudes of participants in marine research regarding GDPR compliance and data protection. The questionnaire consisted of a total of 24 questions and was designed to gather information on participants’ demographics, awareness and understanding of GDPR regulations, data protection measures, GDPR compliance in questionnaire design, and challenges faced by marine researchers in adhering to GDPR regulations. The questionnaire was distributed online via various social media platforms, and email lists and participation were voluntary.
The survey was conducted in English, and participants weren’t given the option to skip any question they did not wish to answer. The survey was administered over a two-week period, in March 2023, with a total of 141 responses collected. All responses were anonymized and stored securely, in accordance with GDPR regulations. Overall, the use of a questionnaire was an effective method for investigating the perceptions and attitudes of participants in marine research regarding GDPR compliance and data protection. The findings of this study provide valuable insights into the challenges faced by Greek marine researchers in adhering to GDPR regulations and can inform the development of best practices for using questionnaires in marine research.
- Results
3.1 Demographics and Attitudes of Participants
The majority of participants in this study were aged between 30 and 49 years old (45.39%), with over half identifying as male (55.44%). Nearly half of the participants had completed a Bachelor’s degree (47.52%), with a significant proportion holding higher degrees. These findings are consistent with previous research that has found that young, educated individuals are more likely to participate in research studies. In terms of GDPR awareness, the majority of participants (63.12%) had heard of the regulation, but only a small proportion (11.35%) were very familiar with it. Furthermore, the majority of participants, (78.01%) were unsure about their perceptions of the regulation. These findings highlight the need for better education and communication about GDPR regulations, particularly in the context of marine research.
3.2 Data Protection
The findings of this study suggest that participants in marine research are generally not willing to take extra steps to protect their personal information, and only a minority (9.22%) had received GDPR training in the context of marine research. This highlights the need for researchers to take extra care when handling personal data, and to ensure that appropriate measures are in place to protect the confidentiality and security of participant data.
Regarding anonymity, the majority of participants (63.12%) in this study prefer to remain anonymous in marine research questionnaires, and a significant proportion (55%) use secure storage and transfer methods to protect personal data when participants were not anonymous. These findings suggest that researchers should prioritize anonymity when designing research studies and take appropriate measures to protect personal data when anonymity is not possible.
3.3 GDPR Compliance
The findings of this study suggest that only a minority of researchers (8%) are taking steps to ensure GDPR compliance, such as including a statement in the questionnaire outlining the purpose of the research and how the data will be used. However, the study also found that only a small proportion of participants had obtained informed consent in marine research. These findings highlight the need for researchers to be more diligent in ensuring that they obtain informed consent from participants and take appropriate measures to prevent data breaches.
3.4 Challenges Facing Marine Researchers
The biggest challenges facing marine researchers in terms of GDPR compliance and questionnaire design were ensuring transparency and clarity in consent forms (40%), maintaining data security and privacy (30%), and balancing the need for data collection with GDPR regulations (30%). These findings suggest that researchers need to take extra care when designing research studies to ensure that they are compliant with GDPR regulations and that they communicate effectively with participants.
Overall, the findings of this study highlight the importance of ensuring GDPR compliance and data protection in marine research, while also emphasizing the need for clear and effective communication with participants. Researchers in this field need to take extra care when designing research studies to ensure that they are compliant with GDPR regulations and that they protect the confidentiality and security of participant data.
- Discussion
The results of this questionnaire shed light on the demographic and attitudinal factors affecting GDPR compliance in marine research and highlight some of the key challenges and best practices for using questionnaires in this context. One notable finding is the relatively low level of GDPR awareness among participants, with only 63.12% having heard of the regulation and just 11.35% being very familiar with it. This highlights the need for researchers to provide clear and concise explanations of the regulation and its implications for data protection and privacy in the context of marine research. In terms of best practices for navigating GDPR compliance in marine research methodology using questionnaires, there are several key steps that researchers can take to ensure that they are collecting and processing personal data in compliance with the new regulations.
One of the most important steps is obtaining informed consent from participants, which involves providing clear and concise information about how their personal data will be collected, processed, and stored, as well as informing them of their rights under the GDPR. Researchers must also ensure that participants have the option to withdraw their consent at any time. Data anonymization is another important aspect of GDPR compliance, involving the removal of any identifying information from the data collected to protect the privacy of participants. Securely storing and transferring data is also crucial, and researchers must ensure that any personal data collected is stored in a secure location, such as a password-protected database, and that only authorized personnel have access to it.
Any data that is transferred between researchers or organizations must also be done in a secure and encrypted manner to protect against data breaches or unauthorized access. To ensure the reliability and validity of questionnaire data, researchers can use strategies such as emphasizing the importance of the research and the benefits to participants, ensuring anonymity and confidentiality, and using incentives to encourage participation. Finally, it is important for marine researchers to stay up to date on any changes or updates to GDPR regulations and adjust their methodologies accordingly.
In summary, navigating GDPR compliance in marine research methodology when using questionnaires requires careful planning and attention to detail. By following best practices such as obtaining informed consent, anonymizing data, securely storing and transferring data, and being aware of the impact of GDPR on questionnaire data, marine researchers can ensure that they are collecting and processing personal data in a way that is transparent, fair, and lawful, and that data subjects are aware of their rights under the GDPR.
- References
European Communities, Commission, Directive 95/46 EC of the European Parliament and of the council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and the free movement of such data Official Journal of the European Communities, L281 (23 November 1995), p. 31 http://data.europa.eu/eli/dir/1995/46/oj
European Union. (2016). Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Official Journal of the European Union, L119, 1-88. http://data.europa.eu/eli/reg/2016/679/oj
Lotze, Heike K., Haley Guest, Jennifer K. O’Leary, Arthur Omondi Tuda and D. W. R. Wallace. “Public perceptions of marine threats and protection from around the world.” Ocean & Coastal Management 152 (2018): 14-22. https://doi.org/10.1016/j.ocecoaman.2017.11.004
Yuan, B.; Li, J. The Policy Effect of the General Data Protection Regulation (GDPR) on the Digital Public Health Sector in the European Union: An Empirical Investigation. Int. J. Environ. Res. Public Health 2019, 16, 1070. https://doi.org/10.3390/ijerph16061070