Go back

GDPR violations ‘happen all the time’, universities warned

Earma 2021: research managers urged to plan ahead to minimise data-protection risks

University staff have been warned that they need to be well prepared to help their institutions avoid falling foul of the EU’s General Data Protection Regulation, which is a position many research institutes, companies and hospitals have found themselves in.

Research managers should plan for worst-case scenarios, such as data breaches or the failure of international agreements, according to Lorenzo Mannella, a research project manager at the University of Bologna in Italy.

Speaking at the annual conference of the European Association of Research Managers and Administrators on 16 April, Mannella said serious violations of the EU’s GDRP rules, introduced in 2018, “happen all the time”.

He suggested managers need to “be ready even before the project begins” to watch out for potential violations, and keep up with national and institutional advice, such as that provided by data-protection offices.

Mannella used a fictional project to illustrate that human mistakes, such as sending personal data to the wrong recipients, sometimes “cannot be avoided—they are always a part of the risk management of a project”.

“In my opinion, the real big problem with human error is when the human is left alone,” Mannella said. He added that ideally teams rather than a single person would look after project data, but that in these circumstances it is important to delineate each person’s data-protection role.

Deciding how personal data will be handled within a project consortium should be the decision of the coordinator and should be considered at the proposal and grant agreement stages, Mannella said.

Research Professional News is the official media partner for Earma 2021. Follow more of our coverage on Twitter @ResProfNews and @ResearchEurope, #EARMADigital.

A version of this article also appeared in Research Europe